Official discussion thread for Bagel. Please do not post any spoilers or big hints.
2 Likes
Curiously it was not hard to find a vulnerability, it only is to get anything from it 
One more machine starting, I wish for everyone the best luck 
1 Like
The owns amount is understandable, there is a time when you hit a wall, but the topic not having any message in an almost 8 hours period really scares me 
The box is pretty difficult. Most people are probably super close to a foothold, but don’t want to say anything without spoiling for others. I think I’m on the right track for it, I’ve doing a LOT of google searches and trying different ideas to get away from Jason Vorhees.
I would say that this machine was quite interesting, i was able to learn few things from it.
For anyone stuck feel free to PM.
Imagine me who slept in front of my computer while reading how to get past it
Bagel is a good machine, straightforward I should say, my best hint is be aware of the details, I needed to read the same function three times before I noticed there was something odd, not to mention that I searched every single corner of the library before getting to it
In one way or another, for anyone coming, if you happen to need help or don’t understand something, just send me a message, R is always here
2 Likes
Hello R, do you mind if I DM? Need some guidance as to what tools I should be using for the part that I imagine gets a foothold. I have “the file” needed, but not sure how to start taking a closer look.
Of course, I can help you whenever you need 
2 Likes
Popped; curious as to how other people got a foothold? I extensively used proc to leak info, which felt kind of unorthodox
Wow I really loved that box. One part in particular took me a long time but I learned a lot. Pm me if you need help
And one more box rooted! 
I think getting the foothold was the hardest part of the machine. If anyone needs a hint feel free to PM me
1 Like
Totally agree with what @XSSDoctor and @lim8en1 said.
If you get access to the binary and decompile it with dnSpy , but don’t how to exploit it.
I suggest you setup an Windows VM and debug the binary.
As what I have experienced, the process is tough.
But if you look carefully, you will notice that one function has different return type.
4 Likes
Yea, I had to set up a windows vm to play around with code and try out different things. I think that makes this machine really nice that you have to understand this vulnerability (how to find vulnerable code, what can be placed in payload, etc) and write something custom.
This machine was great. Went down a rabbit hole. But eventually rooted!
Straigthforward box with all its difficulty concentrated on one particular step. It’s like you’re walking on a somewhat flat path in the woods and all of a sudden you have to climb to the top of a mountain, and then the path becomes flat again.
Honestly, identifying the vulnerability is pretty easy if you know your basics, but how you exploit it here… if you didn’t do it before I highly doubt you can find it by yourself (I did not, even though I think I’ve read pretty much everything there was to read about it lol).
Thank you for the box 
1 Like
Rooted. If anyone is experiencing issues with missing config files while debugging the app, you can DM me.
Hey everyone !
I’m currently stuck at making the application run on my windows vm in order to test and find a working payload. I can start the bagel.dll, the 5000 port is opening but when I try to sens something to it, I have no answer. It seems that my websocket server isn’t really working. I also downloaded the necessary dll using the same way than downloading bagel.dll
Can I DM anyone ? Tahnk you in advance !
You can DM me
For people saying that you must run it in windows, you can do this whole thing in linux easily.
NuGet Gallery | ilspycmd 7.2.1.6856 works great. It’s a dotnet core app and is not in any way windows-native. You can build and run it on your kali just fine and if you stare at the code long enough it should become obvious
1 Like
Bake the bagel on your own machine, and it will work well.