Official EasterBunny Discussion

Official discussion thread for EasterBunny. Please do not post any spoilers or big hints.

1 Like

I could use a hint if anybody has one :slightly_smiling_face:


Yep, I was thinking about inserting XSS in the letter, but no luck so far

Maybe the correct path involves some unusual headers and poisoning something


Have a look at your DMs

Hey, may I have a hint? The docker isn’t building for me so I can’t see exactly what’s happening on the backend. I’m able to poison the something but only partially, so the bot isn’t acting like I want it to.

Stuck on this challenge for days. Need a nudge, thanks in advance

You don’t actually need to build the docker; those files were intended for code review.

I’ve already given some good tips in this thread; more than that would be too much, sorry =/

Fun challenge! PM me for nudges if needed. Though this thread already has plenty


Stuck for days on this. Not sure how to keep going. Anyone DM?

May I have a hint, guys?

Yo, has anyone solved it … please DM me, I have been stuck for three days on the last stage

Hello, for the initial part you will find the tip in the download files. After finding that, don’t forget to change the host to what you see in the download files, and I had to use ngrok to receive the request.

1 Like

I run npm start and am trying to use ngrok to look at requests, with this being my first day of experience with ngrok. Any tips on what commands to use with ngrok to look at the requests?

EDIT: Ah, I see. I have some requests showing :slight_smile:

Can you elaborate on how you received the request? Did you use the IP address of the instance within ngrok? Did you run the express server locally and then somehow send the requests to the instance IP address?

Yes, I use the ngrok address to receive the request from the internet and use python3 -m http.server 80 to offer the XSS JavaScript.
Check if you have received the request.
See if the file name.js is correct.
But for the request to come you need to analyze the downloaded files.
You will need to change the host and add a header.

I’m able to insert a header.

It’s another header; you will see, check the download files from the challenge.

Am I supposed to be able to load the instance from ngrok and send the message? Because I am getting a 3004 error

with command: