Official Gunship Discussion

Official discussion thread for Gunship. Please do not post any spoilers or big hints.

OK so I have done this before and now I can’t, what’s changed can I get confirmation it has a changed vuln from when I first saw the challenge. Hard not to write a spoiler.

*Spoiler Removed*

somebody?

I suggest you to check the list of packages again.

I would not rate this machine as “very easy”, however it was good experience. If you are stuck - look at the source code, obviously. If you have found the matter of interest and the output is not what you expected, try to think out of the box. There are enough articles about what you looking for, however there is a little twist to it. Also, Burp is your friend.

Good day colleagues! I solved this box, it turned out to be quite interesting. I subscribe to the comment above. I can hint that you need to look closely at the source code and read that article on ast. A little patience and attention.

interesting box… “very easy” idk about that. I will say if you can google you can beat this box… good stuff to learn! Tools you will need: Burp, Firefox, Google

Hey guys, I’m very new and I started this box because it’s marked “very easy”. I’m having an immense amount of difficulty with the last part. I don’t want to spoil, but I’m really really stuck. I will be the first to admit, I’m in over my head. I have RCE, but I’m really stumped on what next. If I’ve given away too much, let me know. I would appreciate a pm with a nudge to help me finish.

Type your comment> @sickenxo said: > Hey guys, I’m very new and I started this box because it’s marked “very easy”. I’m having an immense amount of difficulty with the last part. I don’t want to spoil, but I’m really really stuck. > > I will be the first to admit, I’m in over my head. I have RCE, but I’m really stumped on what next. If I’ve given away too much, let me know. I would appreciate a pm with a nudge to help me finish. If you have RCE, then u just need to read content from flag file in application folder It’s basic stuff for any web challenge

Type your comment> @Mortido said: > If you have RCE, then u just need to read content from flag file in application folder > It’s basic stuff for any web challenge Thanks for replying to me. I can’t get a shell and I don’t have the permissions to read certain files. Maybe my understanding of RCE is incorrect. It’s really hard to explain my issue in detail as I don’t want to spoil the box for anyone.

Ok… I finally managed to do it. I would say that this was not very easy for me, but I learned so so so so much. The articles are accurate, but you cannot just blindly follow, you have to throw a spin in there at the end. I’m really happy to have completed this, I was definitely feeling a bit defeated by it.

is it possible that node version was upgraded and the vulnerability was patched? I can’t seem to use the RCE vulnerability, I even tried to follow a writeup I found with the same vulnerability and it didn’t work. what am I missing?

any nudge on this challenge?

Well, all the comments so far are pretty right :smiley:
Check out the writeups of the previous challenge with the similar name and you are on the right track.

1 Like

Okay I got flag finally, my 2 cents are do NOT forget to download necessary files to play challenge :man_facepalming:

Wow, this was a fun one. I’m pretty new to HTB and hacking in general so after messing around for a while I cheated a little and looked at a writeup. At first I thought it didn’t help… but it set me on the right path! For anyone else struggling: you could be using the wrong exploit for that particular vulnerability!

Done!!! A really good challenge, if you need some help let me know.

The real breakthrough came once I realised that there were files to download.