Official Alert Discussion

Official discussion thread for Alert. Please do not post any spoilers or big hints.

Goodluck everyone!

Got the initial foothold. Trying to understand the payload

I know what to do, stuck in generating the payload for initial foothold

found 2 different possible attack vectors. im not sure what to do next to gain a foothold. one method seems to be a dead end and the other seems promising but credentials are needed…or not?

Asking in vein of above

anyway to use the file upload to get a reverse shell, tried but all attempts failed

Ive tried getting a reverse shell but nothing is working, I tried cookie stealing and I got nothing. Anybody have any tips to move forward?

i am able to ping myself but not able to get reverse shell any hint??

I’m getting a connection when running javascript inside the .md file and i get connection back but still having issues to make it work

how u get a connection back using nc?

I think they’re using javascript to fetch from his local machine with the netcat which would return a GET request to nc

Hello
Any hint will be appreciated

so i am able to “fetch” files from my own machine, but how to make them be executed server side?
This text will be blurred

When uploading the .md file it is triggers the nc but how to get the shell

hey ,i can send msg to website admin, i’m trying steal cookie by xss,but nothing be take out.would i should continue this way ?

If there is something wrong with the JS, you wont get a response… I first get a response by myself so that shows it is working.

There is also CORS in place…

Yeah, I got a response myself for the JS, waited for an hour and didn’t get a response from admin.

is there a specific message we have to write ?

admin seems to be trigger happy when sent links