Official Cereal Discussion

Official discussion thread for Cereal. Please do not post any spoilers or big hints.

Spoiler Removed

good luck

this must be a record breaker (LOL) spoiler in the first comment !! @cool4coder what did you give away the IP address ?

lawlll

I’ve been on this S’Mores cereal binge for awhile. It’s like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It’s da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.

Type your comment> @Zot said:

I’ve been on this S’Mores cereal binge for awhile. It’s like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It’s da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.

I just had a terrible, horrible thought. If somehow, I couldn’t have cereal anymore, I’d be decerealized. gasp Then I’d probably get thrown into rehab. Get released into a group home. Have to go to cerealaholics anonymous meetings. I think I had a nightmare like that once.

Alright I think I know the exploit but I need the username and password for it to work. If anyone else has found out the exploit please tell me whether it is a rabbit hole or not!!
(exploit is related to something sweet)

“X-Powered-By: XXXXX”
Yep, hard machine. That’s all my progress, I’m not ready to solve this yet. Any help?

WHY??

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=2592000
WWW-Authenticate: Bearer error="invalid_token", error_description="The token has no expiration"
X-Rate-Limit-Limit: 5m
X-Rate-Limit-Remaining: 0
X-Rate-Limit-Reset: 2020-11-27T15:06:50.5099306Z
X-Powered-By: Sugar
Date: Fri, 27 Nov 2020 15:03:46 GMT
Connection: close
Content-Length: 0

I have generated the valid token, where I can choose the food

Look at your error:
The token has no expiration

Type your comment> @ryarnyah said:

Look at your error:
The token has no expiration

yes I’ve seen but I don’t know how to set a date

ok

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=2592000
X-Rate-Limit-Limit: 5m
X-Rate-Limit-Remaining: 5
X-Rate-Limit-Reset: 2020-11-27T16:06:53.4910732Z
X-Powered-By: Sugar
Date: Fri, 27 Nov 2020 16:01:53 GMT
Connection: close
Content-Length: 43

{"message":"Great cereal request!","id":17}

Type your comment> @ryarnyah said:

Look at your error:
The token has no expiration

you have PM

Is there anyone who can give some hint (no spoiler please). I’m stuck for so long with S & Restri** to trigger my payload?

Generated a valid token and stuck at the GET part. Hints anyone?

Type your comment> @luca76 said:

WHY??

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=2592000
WWW-Authenticate: Bearer error="invalid_token", error_description="The token has no expiration"
X-Rate-Limit-Limit: 5m
X-Rate-Limit-Remaining: 0
X-Rate-Limit-Reset: 2020-11-27T15:06:50.5099306Z
X-Powered-By: Sugar
Date: Fri, 27 Nov 2020 15:03:46 GMT
Connection: close
Content-Length: 0

because when you read the source code there is a whitelisting of IP.

Got user… i’m a dick…

guys can anyone help me to root? PM me