Official Download Discussion

any clue on the foothold?

1 Like

People usually give hints after 24 hours have passed

It’s not 24h. It’s way less. In my country it was released at 21h, and now it’s 16:54h, so it’s 20h~

Guys, are those //download, //view, /***/delete directories, or are they being passed as some sort of command? delete looks sus to me?

Ok I found the LFI.
Hint: look at the machine name, and if you have any problems, try encoding.

6 Likes

I have identified that the “d” endpoint behaves abnormally under certain conditions, but I don’t know if it will be a foothold.

Anyone working on root?

it can help with enumeration

Got user?

How is this a medium machine???
Nothing is working for me right now :frowning:
If anyone has any nudges for the right path ?? Whatever I tried already doesn’t feel like giving me something useful.

Yeah, got a shell as another user, but it looks like a rabbit hole.

1 Like

anything for user?

Can I dm someone for root?

Not a medium machine. User first blood took like 12 hours lol.

I’ve finally pwned that machine! :slight_smile: Thanks to 4m1n3 and @Timsu for helping me out, and to the creator of the machine for that awesome box!
In terms of number of required steps it is a medium machine indeed, but finding the right way is pretty hard.

  • Some hints for user: enumerate the website, some filtering bypass techniques may be handy. After that study the code, think on the things that you control, and the way forward becomes clear.
  • Root: enumerate the machine, executing the code as someone else is not hard, but to move forward you will need some more googling and enumeration to do. I’ve crashed the machine several times while exploring stuff and wasted time because of that, so be careful as you may need to reset the machine in such cases.

1 Like

It has been 5 hours after analyzing the code, I think I read each file at least 10-15 times by paying LOTS of attention to req.session, req.body and whatever param I might control. The ONLY thing that I could think about is IF something happens when I pass an array to the places where req.session values are used. Maybe I can achieve something similar to a NoSQL Injection but I have NO F****** CLUE :melting_face: :face_holding_back_tears: :sob: :face_with_spiral_eyes:

I even wrote a Python script that automates the WHOLE website because I was (I mean, AM) going crazy, I even added the functionality to UPLOAD files because I was completely lost :sob: :melting_face: :melting_face: :melting_face:

4 Likes

where did you get the code from? any hints on that ?

Well, you are almost there.
Btw imo root is about the same difficulty as the user :slight_smile:

1 Like

Can confirm root difficulty. Definitely higher than a medium.

2 Likes

Feel free to DM and I can help you out here.

3 Likes