Official Clicker Discussion

Accaard · September 27, 2023, 7:47am

is admin access useless or im missing smth?

Eyezik · September 27, 2023, 7:35pm

i forgot i was www

4drez · September 28, 2023, 1:04am

same here

5105 · September 28, 2023, 4:50am

u can get a shell from sqli…???

404Ghost · September 29, 2023, 11:45am

For me, becoming the root is piece of cake, but I struggle a bit to become a user.

I found two ways to become the root, but I don’t know which one is the intended one.

takemyhand · September 30, 2023, 4:49pm

I am www-data. How do I get past the binary? I decompiled it in IDA but nothing seems interesting.

Anon4Now · September 30, 2023, 5:04pm

Man I don’t know how you bypassed the q**** function, but if you ever are open to providing a hint I would happy to hear it. I have been banging my head on this one

hackw3ll · September 30, 2023, 6:26pm

Anybody around for a nudge on foothold? found many vulns which seem to be rabbit holes and I’m stuck big time!

kneehighskii · October 12, 2023, 9:36am

Pwned Clicker!!
Nice Box. I love CTF-like machine:)

CyberSecNV · October 20, 2023, 2:09am

Did something change, again, recently? When I attempt to login after changing it to an admin role none of the pages work anymore. It just constantly reloads the same pages. I was able to replicate this several times.

fogia · October 20, 2023, 4:24pm

I had the same error.
It was due to my setup. I play using a docker container from which I connect to the VPN.
I had to run my container in --privileged mode to make it work. I think the correct way would have to set the correct cap. But didn’t want to loose time
Hope it will help you folks

gargamel · October 25, 2023, 5:14pm

Hello my friends
Can I ask somebody for a nudge for user? I have a shell www-data on the machine but I don’t know what to do now.

8158 · November 1, 2023, 11:30am

Is anyone aware if there’s an issue with this box? I’m at the administration page but it’s blank?

rek2 · November 10, 2023, 8:21pm

Same here. I was expecting at least for the user I created to show the clicks… but is blank, I restarted 2 times and re did my way to admin also 2 times before and after resetting. Same result
[update] LOL I left to have dinner, left it on, came back 1 hour later, did a reload for the heck of it and now it shows 4 users their clicks and such and a new export option that changes everything… this box is super buggy

Knightss · November 21, 2023, 9:50am

I’m stuck at a step where I’m getting an error: “Load key ‘id_rsa’: error in libcrypto.” Can anyone please help me with this?

shpm · November 22, 2023, 6:37pm

Can anyone give me a hint about getting admin access? I’m out of ideas for now. I’ve tried bypassing the token hash in diagnostic.php with type juggling unsuccessfully. Ive tried SQL injecting “role=Admin” in with the “nickname” parameter (like “&nickname=test,role=Admin”) to bypass the filter in save_game.php unsuccessfully. I feel like Im missing something simple here since no one else seems to be having trouble with the admin part

EDIT: nevermind. Figured out the trick

prime1019wowowow · November 23, 2023, 5:53am

I couldn’t help tuning it…

prime1019wowowow · November 23, 2023, 8:17am

rooted in the intended way

Bl4ckSl0th · November 24, 2023, 11:29am

I’m not able to become Admin. I know that I must bypass a ‘security’ check in save_game.php file. Any help?

Bl4ck · November 24, 2023, 10:06pm

I’m stuck at the same point, can you give me a hint?