Official Download Discussion

0x99samurai · August 8, 2023, 11:06am

Finally got the user flag.
As @lim8en1 said “Focus on what you can control”.
And thanks to @JimShoes for not making me give up on things which I’ve found.

Let’s see if I can get to the root flag.

For anyone out there looking for hint, everything discussed so far in this forum will guide you, rest is up to you! Goodluck! You are really close, trust me!

Bl4ckSl0th · August 8, 2023, 11:12am

How can I sign a cookie?

Minervva · August 8, 2023, 12:12pm

Rooted!
thanks for @lim8en1 for help me with some steps in this new “anomaly” difficulty type.
Following with hints below:

User: You really can do this part with all are said in forum, for PoC, don’t craft anything so massive or using the template, you just need use what you want to know. For more hints in this part, pink floyd albums will help you.

Root: Not think to much in what you can do with that user, but what he can do for you.

Bl4ckSl0th · August 8, 2023, 12:36pm

Is the LFI related to phpmyadmin?

0x99samurai · August 8, 2023, 12:46pm

Ladies and gentlemen
I’ve successfully Rooted the machine.

For root access, all thanks goes to my simple brain.

Sometimes, the problem which we are dealing with is a feature of life.

I take my leave now. I hope you enjoy. And remember, there is more than one way to get root access.

Ceyostar · August 8, 2023, 12:54pm

with a help of him

0x99samurai · August 8, 2023, 12:56pm

A really critical individual in my life for few hours.

waya · August 8, 2023, 12:58pm

Is the monster really necessary ? I’ve been able to do it but I still don’t know where this helps.
Is it something related to the last few lines of the main application file ?

Testeur_2_stylos · August 8, 2023, 1:42pm

Are we supposed to find a .env file ?

vfina · August 8, 2023, 1:50pm

Hi! Can someone DM me? I need nudges on foothold

Bl4ckSl0th · August 8, 2023, 1:52pm

I’m trying to brute the secret key for the signature. Is this the right way?

taphacker · August 8, 2023, 2:00pm

no

Sn0oker · August 8, 2023, 2:00pm

You can find it in source code

alic3 · August 8, 2023, 2:12pm

can someone help me with the last thing i need to get user? i cant figure it out how to build it.

Bl4ckSl0th · August 8, 2023, 2:16pm

I don’t have the source code yet

tec · August 8, 2023, 2:41pm

then try to get it.
the initial vuln is mentioned several times in this thread.

Bl4ckSl0th · August 8, 2023, 2:45pm

Yeah I know, LFI. It this the first vulnerability that I’ve found using nmap. But I was’nt able to find where it is, so I thought that I need to alter cookie first. Maybe I was wrong

surajtheekshana · August 8, 2023, 2:50pm

how to root this?

tec · August 8, 2023, 2:57pm

you need the source code to alter cookie.
check the headers. what is always present in this type of project? find this file first, using it as a start point.

Testeur_2_stylos · August 8, 2023, 3:01pm

Can someone who get user flag DM me ?

Topic		Replies	Views
Official Horizontall Discussion Machines	174	24738	December 12, 2024
Official Resource Discussion Machines	153	4567	November 23, 2024
Official RopeTwo Discussion Machines	82	10667	January 18, 2021
Official Worker Discussion Machines	303	30032	March 4, 2021
Official Compromised Discussion Machines	210	22190	January 25, 2021

Official Download Discussion

Related topics