Official Catch Discussion

Hey all, I’m currently stuck trying to get this web shell. Not sure how to mention it without spoilers but every time I go for the shell I’m getting an invalid response. Any help would be wonderful!

foothold/user: avoid rabbit holes - multiple keys and doors to try - don’t get stressed if one doesn’t work, just move on and find the one that does then reference tip above about nested variables.
root: read/understand/exploit the script, don’t fight, arguing can lead to unintended consequences

Wow, thanks for the tips! helped me a lot :slight_smile:

I’ve figured out what I’m meant to do with the nested variables, but I have no idea the command to use to read a nested variable, can anyone PM me and help me out a little I feel like I’m right there.

if youre using one of those 3 vulnerabilities try a different one the obvious RCE might be a rabbit hole

Ended up getting it shortly after I posted originally but thank you! I was following the path explicitly shown by the blog that posted about the CVE but once I took a step back and tried other routes I got it pretty quickly.

Think I’m close to rooting the box but having issues with “the tool” when trying to build… Anyone else have this?

I know it’s a bit vague but :person_shrugging:

anyone else getting “zip END header not found” when building an apk? or am i doing something wrong?.. any help would be appreciated as I’m about to throw my computer at the wall…