Official Faculty Discussion

system · July 2, 2022, 3:01pm

Official discussion thread for Faculty. Please do not post any spoilers or big hints.

octopus175 · July 2, 2022, 9:56pm

found sqli in login page, manage to get a hash and usernames. Don’t know where to go next, can anyone give a hint?

JacobE · July 3, 2022, 12:54am

Rooted. Nice box! Both user + root were things I had never seen before.

XSSDoctor · July 3, 2022, 2:25pm

Look into what the web site can do, and what you can download from it. Look closely at the file. Then do some googling

binho1337 · July 3, 2022, 5:40pm

rooted: funy machine

guerohack · July 3, 2022, 7:54pm

Hi
Im in the admin panel, any clue of what i have to do?

Nevuer · July 4, 2022, 4:58pm

Full rooted, it’s an entertaining machine with new things, send me a DM if you are stuck.

octopus175 · July 4, 2022, 6:32pm

trying server side XSS right now, can’t get it to work. Is this another rabbit hole?

Edit: nvm, found another exploit.

XmesutX · July 5, 2022, 4:49pm

I’m terribly stuck in root stage. any nudge can be very helpful

Nevuer · July 5, 2022, 5:06pm

Send me DM.

x0rn · July 6, 2022, 12:10am

hey all - I’ve hit a wall on Root, if anyone can give me a nudge in the right direction let me know

m00nan00r · July 6, 2022, 9:35am

need help, mey be found X** with download but Burp always crash when i send payload to read files

meowmeowattack · July 7, 2022, 3:43am

foothold

web dir enum
find a page to use your needle, use it rationally, not brutally
understand how to download
google for all possible html tags that can help you to read files
read a file that’s possibly storing a password
pe
what can be run as another user? there is a known exploit for this
once you are the other user, find out what other capabilities each program has
use your capability to intercept another process

CodingKoala · July 8, 2022, 1:49pm

Initial access:

OWASP Top 10

User 1:

Use the application, analyse its behaviour.

User 2:

User input is dangerous, mmkay

Root:

I’m sure you are capable of figuring this one out.

vx53h57 · July 8, 2022, 2:51pm

Is it normal that I got to download a PDF once, but ever since it has been impossible because the machine throws an error? Are you supposed to be downloading them from different subpages? Thanks!

schoobydrew · July 8, 2022, 7:41pm

check the output of id

RuthIsRoot · July 18, 2022, 12:55pm

Found the SQLi to bypass admin form and login as the admin user, also found the XSS.

I’ve tried to inject XSS data to read files when generating the PDF consulting this resource.

Right now im stucked. Any hint? DM me

tonycrypter · July 20, 2022, 4:40pm

now i understood why its funny man!

blackDiamond · July 22, 2022, 7:18pm

what tag to use to read file ? i have tried almost all tags but nothing is working … please DM me need your help

AverageGuy · July 23, 2022, 10:34am

Then you’ve some other tags left to test right Do it one will work. As a trick, you’re not limited to test one tag, you can throw all tags at once, download more files in one go… and look for the attachments.