Official Bookworm Discussion

Official discussion thread for Bookworm. Please do not post any spoilers or big hints.

So in the end this is what everything was about, the final enemy

Just when I have gotten 8% away from Pro rank…sadge

where are the ebooks ?

that's clearly gonna be pain in da a$$ … last box for the season xD

Good luck everyone, I could not find anything yet.

At the very least one of your assumptions about a field looks wrong

you mean the password field?

I’m a bit wary about the rules of giving too much information, but I will say you might want to investigate further on some of your assumptions. I haven’t solved it so I don’t know if it’ll actually help, but some things you said aren’t fully true.

Spent about 4 hours but still nothing…

P.S. cookie?

Finally pwned the last seasonal machine. I thought it would be much harder, this one is closer to hard difficulty machines.
Most of the time you can guess what you are expected to do; the only problem may be with implementing it the right way.
Some hints:

  • User: record all interactions with the web app. Make others do what you cannot. Look for some interesting parameters, experiment with them. After that getting user is easy, just need to enumerate common stuff.
  • Root: move things around (I think there was a machine like that already xD)

Anyway, the machine was good, made me code some nice stuff for the user part, the only problem is that one part of the way is very slow.


No need to poke the cookie. Better focus on the notes.

I found that notes can reflect X** payload, but…


Can I PM about something? (last part for user).

Got it nvm.

Great machine to end this season.

For user, once you find the initial vuln, use it to get a peek at what is “on the other side”. Read it, update your exploit and go further. Rinse and repeat.
For root, you’ll need to redirect, deflect, transform stuff to get what you need. There are plenty of ways to do so, not only one answer.

As always, if you feel like you are running out of ideas or knowledge, feel free to reach out :wink:


I found the initial vuln, and could trigger it manually, but could not get any feedback from the server side. I did not find any report feature or similar on the site. Am I missing something?

Check out what was recently updated on the shop pages

Finally understand the page.
Great hint. Thanks.

