Official EasterBunny Discussion

system · April 22, 2022, 8:00pm

Official discussion thread for EasterBunny. Please do not post any spoilers or big hints.

Alexis2Pro · April 24, 2022, 9:02am

I could use a hint if anybody has one

0xc24 · April 24, 2022, 12:01pm

Yep , I was thinking about inserting XSS in the letter , but no luck so far

Pedr4uz · April 24, 2022, 7:01pm

Maybe the correct path involves some unusual headers and poisoning something

Pedr4uz · April 25, 2022, 12:49pm

have a look on your dm

lazytitan33 · April 25, 2022, 7:51pm

Hey, may I have some hint? The docker isn’t building for me so I can’t see exactly what’s happening on the backend. I’m able to poison the something but only partially so the bot isn’t acting like I want it to.

J14L3 · April 26, 2022, 10:42am

Stuck on this challenge for days. Need a nudge , thanks in advance

Pedr4uz · April 26, 2022, 3:10pm

you dont actually need to build the docker, those files were intended for code review;

i’ve already gave some good tips in this thread, more than that would be too much, sorry =/

bolazoo · April 27, 2022, 4:57pm

fun challenge! pm me for nudges if needed. tho, this thread already has plenty enough

stuxve · May 2, 2022, 7:19pm

Stuck for days on this. Not sure how to keep going. Anyone DM?

Al3x33 · May 4, 2022, 8:39pm

May I have some hint guys?

atR00T · May 10, 2022, 4:18pm

yo any one solved it … please DM me I have three days stuck in the last stage

binho1337 · May 17, 2022, 12:05am

hello to the initial part you will find the tip in the download files. after find that don’t forget to change the host to what you see in download files and i have to use ngrok to receive the request.

endepointe · May 28, 2022, 6:18am

i run npm start and am trying to use ngrok to look at requests with my first day experience with ngrok. any tips on what commands to use with ngrok to look at the requests?

EDIT: ah, i see. I have some requests showing

endepointe · May 28, 2022, 8:49pm

can you elaborate on how you received the request? did you use the ip address of the instance within ngrok? did you run the express server locally and then somehow send the requests to the instance ip address?

binho1337 · May 28, 2022, 8:55pm

yes i use ngork address to receive the request from internet and use python3 -m http.server 80 to offer the XSS javascript.
Check if you have received the request.
see if the file name.js is correct.
But for the request to come you need to analyze the downloaded files.
you will need to change the host and add a header

endepointe · May 28, 2022, 9:07pm

im able to insert a header.
check

binho1337 · May 28, 2022, 9:08pm

its another header you will see check the download files from the challenge

endepointe · May 29, 2022, 12:21am

am i supposed to be able to load the instance from ngrok and send the message? because I am getting a 3004 error
check

endepointe · May 29, 2022, 12:23am

with command:

Topic		Replies	Views
Official AbuseHumanDB Discussion Challenges	37	4270	May 4, 2023
Official Neonify Discussion Challenges	21	5891	October 8, 2024
Oouch Write-Up by Gunroot Writeups oouch-oauth-uwsgi-db	5	678	August 2, 2020
Official petpet rcbee Discussion Challenges	17	4440	October 15, 2022
Little Tommy Challenges	22	5221	February 14, 2021

Official EasterBunny Discussion

Related topics