Official discussion thread for Busqueda. Please do not post any spoilers or big hints.
4 Likes
Invalid engine!?
I’m fuzzing the parameters right now to see if anything sticks. I’ve found similar code to the comments above but no luck in getting any unique responses.
I have the dirtiest ACE working. User flag down… // TODO: learn python
Got it working f one single char was making my payload fail for an hour
me too brother
When you set engine to python http.server running locally, the request is visible in tcpdump. But can’t arange to run any code or load simple php script… 
1 Like
Rooted!
User is pretty straightforward. Be sure that the payload you’re submitting still means what you intend it to mean by the time it reaches the application. 
any progress in privilege escalation?
1 Like
hint about priv escalation?
User was fun and pretty straightforward. Loads of hints in this thread already.
have you tried to curl your IP ?
Sure. I’ve tried something like that ‘+curl…+’#
1 Like
It’s VERY big hint. It is’t even a hint, it’s a solution! I think you should delete this.
Frankly said , this is the first time i’m trying to give hints. So thank you for your note.
I’ve found where they store the teabags, I really hope I don’t have to throw rocks at this 
:
Thats what ive been trying I just cant seem to get it to work 
glad to see im on the right track tho lol
you probably enter it outside the browser
question is, if it is really good way and not just rabbit hole
Im in burpe i feel like my syntax is just off