Official Busqueda Discussion

Official discussion thread for Busqueda. Please do not post any spoilers or big hints.


Invalid engine!?

I’m fuzzing the parameters right now to see if anything sticks. I’ve found similar code to the comments above but no luck in getting any unique responses.

I have the dirtiest ACE working. User flag down… // TODO: learn python

Got it working f one single char was making my payload fail for an hour

me too brother

When you set engine to python http.server running locally, the request is visible in tcpdump. But can’t arange to run any code or load simple php script… :frowning:

1 Like


User is pretty straightforward. Be sure that the payload you’re submitting still means what you intend it to mean by the time it reaches the application. :wink:

any progress in privilege escalation?

1 Like

hint about priv escalation?

User was fun and pretty straightforward. Loads of hints in this thread already.

have you tried to curl your IP ?

Sure. I’ve tried something like that ‘+curl…+’#

1 Like

It’s VERY big hint. It is’t even a hint, it’s a solution! I think you should delete this.

Frankly said , this is the first time i’m trying to give hints. So thank you for your note.

I’ve found where they store the teabags, I really hope I don’t have to throw rocks at this :crying_cat_face::

Thats what ive been trying I just cant seem to get it to work :smiling_face_with_tear: glad to see im on the right track tho lol

you probably enter it outside the browser

question is, if it is really good way and not just rabbit hole

Im in burpe i feel like my syntax is just off