Official Clicker Discussion

is admin access useless or I'm missing smth? :joy: :broken_heart:

i forgot i was www

same here

u can get a shell from sqli…???

For me, becoming the root is a piece of cake, but I struggle a bit to become a user.

I found two ways to become the root, but I don’t know which one is the intended one.

I am www-data. How do I get past the binary? I decompiled it in IDA but nothing seems interesting.

Man, I don’t know how you bypassed the q**** function, but if you ever are open to providing a hint I would be happy to hear it. I have been banging my head on this one.

Anybody around for a nudge on foothold? Found many vulns which seem to be rabbit holes and I’m stuck big time!

Pwned Clicker!!
Nice Box. I love CTF-like machines :)

Did something change, again, recently? When I attempt to log in after changing it to an admin role none of the pages work anymore. It just constantly reloads the same pages. I was able to replicate this several times.

I had the same error.
It was due to my setup. I play using a docker container from which I connect to the VPN.
I had to run my container in --privileged mode to make it work. I think the correct way would have been to set the correct cap. But I didn’t want to lose time :stuck_out_tongue:
Hope it will help you folks.

Hello my friends
Can I ask somebody for a nudge for user? I have a shell www-data on the machine but I don’t know what to do now. :sleepy:

Is anyone aware if there’s an issue with this box? I’m at the administration page but it’s blank?

Same here. I was expecting at least for the user I created to show the clicks… but it is blank. I restarted 2 times and redid my way to admin also 2 times, before and after resetting. Same result :frowning:
[update] LOL I left to have dinner, left it on, came back 1 hour later, did a reload for the heck of it and now it shows 4 users, their clicks and such, and a new export option that changes everything… this box is super buggy

I’m stuck at a step where I’m getting an error: “Load key ‘id_rsa’: error in libcrypto.” Can anyone please help me with this?

Can anyone give me a hint about getting admin access? I’m out of ideas for now. I’ve tried bypassing the token hash in diagnostic.php with type juggling unsuccessfully. I’ve tried SQL injecting “role=Admin” in with the “nickname” parameter (like “&nickname=test,role=Admin”) to bypass the filter in save_game.php unsuccessfully. I feel like I’m missing something simple here since no one else seems to be having trouble with the admin part.

EDIT: never mind. Figured out the trick.

I couldn’t help tuning it…

rooted in the intended way

I’m not able to become Admin. I know that I must bypass a ‘security’ check in the save_game.php file. Any help?

I’m stuck at the same point, can you give me a hint?