Official Cybermonday Discussion

Official discussion thread for Cybermonday. Please do not post any spoilers or big hints.

Good luck everyone!


Happy hackings everyone and have fun.

Edit1: Their buy button is not working. But i want that headset :smile:
Edit2: It says “Registration is required to purchase products and to contact our support team” i have registered and i wanna contact your support team. Where is the link :sweat_smile:
Edit3: Star rating of this machine gonna be so low because this box is slow and no one likes slow boxes. Also It’s been up for 16 hours and there is no user owner yet so it must have a unique type of attack vector.
Edit4:I think i am gonna give up buying that headset cuz there is no customer support they are liars :joy: :joy:


Hopefully this will be a good machine! :slight_smile:

It has been 2 hours and there should be dozens of messages for now. I think everyone enjoying at vacation this weekend. :beach_umbrella:

Good luck. I will attempt a hard machine for the first time. I give myself a fair ~5% chance of success.


You’d be surprised. Some ‘Hard’ boxes are easier than ‘Easy’ in my experience.

It really is just a dice throw of what the way in is.


Hello There…

hello there first hard box for me. getting some hunches on the vulnerability

:oooo im not saying any thing

So far, we can only see some of the source code and nothing else.

hmm found only one interesting thing so far…not sure yet how to exploit it…

Has anyone obtained a b****p?

Found a way to create my own products… not sure how to exploit that though…

1 Like

Feels like we are missing something during the enumeration phase… I mean can’t really discover subdomains with a speed a 10req/sec :person_shrugging:

1 Like

I don’t think, brute forcing the subdomain is the way to go :slight_smile:

I think you are completely right… I can trigger something that shows something else of a particular section. Maybe that’s what I gotta do to achieve an higher level of control…

Someone summoned me ?


True! Found one without brute force :slight_smile:

Are you saying that you have found a virtual host or some secret endpoint?!?! :scream: