Official discussion thread for Gunship. Please do not post any spoilers or big hints.
OK so I have done this before and now I canāt, whatās changed can I get confirmation it has a changed vuln from when I first saw the challenge. Hard not to write a spoiler.
*Spoiler Removed*
somebody?
I suggest you to check the list of packages again.
I would not rate this machine as āvery easyā, however it was good experience. If you are stuck - look at the source code, obviously. If you have found the matter of interest and the output is not what you expected, try to think out of the box. There are enough articles about what you looking for, however there is a little twist to it. Also, Burp is your friend.
Good day colleagues! I solved this box, it turned out to be quite interesting. I subscribe to the comment above. I can hint that you need to look closely at the source code and read that article on ast. A little patience and attention.
1 Like
interesting boxā¦ āvery easyā idk about that. I will say if you can google you can beat this boxā¦ good stuff to learn! Tools you will need: Burp, Firefox, Google
Hey guys, Iām very new and I started this box because itās marked āvery easyā. Iām having an immense amount of difficulty with the last part. I donāt want to spoil, but Iām really really stuck. I will be the first to admit, Iām in over my head. I have RCE, but Iām really stumped on what next. If Iāve given away too much, let me know. I would appreciate a pm with a nudge to help me finish.
Type your comment> @sickenxo said: > Hey guys, Iām very new and I started this box because itās marked āvery easyā. Iām having an immense amount of difficulty with the last part. I donāt want to spoil, but Iām really really stuck. > > I will be the first to admit, Iām in over my head. I have RCE, but Iām really stumped on what next. If Iāve given away too much, let me know. I would appreciate a pm with a nudge to help me finish. If you have RCE, then u just need to read content from flag file in application folder Itās basic stuff for any web challenge
Type your comment> @Mortido said: > If you have RCE, then u just need to read content from flag file in application folder > Itās basic stuff for any web challenge Thanks for replying to me. I canāt get a shell and I donāt have the permissions to read certain files. Maybe my understanding of RCE is incorrect. Itās really hard to explain my issue in detail as I donāt want to spoil the box for anyone.
Okā¦ I finally managed to do it. I would say that this was not very easy for me, but I learned so so so so much. The articles are accurate, but you cannot just blindly follow, you have to throw a spin in there at the end. Iām really happy to have completed this, I was definitely feeling a bit defeated by it.
is it possible that node version was upgraded and the vulnerability was patched? I canāt seem to use the RCE vulnerability, I even tried to follow a writeup I found with the same vulnerability and it didnāt work. what am I missing?
any nudge on this challenge?
Well, all the comments so far are pretty right 
Check out the writeups of the previous challenge with the similar name and you are on the right track.
1 Like
Okay I got flag finally, my 2 cents are do NOT forget to download necessary files to play challenge 
Wow, this was a fun one. Iām pretty new to HTB and hacking in general so after messing around for a while I cheated a little and looked at a writeup. At first I thought it didnāt helpā¦ but it set me on the right path! For anyone else struggling: you could be using the wrong exploit for that particular vulnerability!
Done!!! A really good challenge, if you need some help let me know.
The real breakthrough came once I realised that there were files to download.
Hi @rotp! I am quite new to the cybersecurity field and this is one of my first challenges. Just choose this one because of the āvery easyā label but if really does not seem so easy for me right now. I am a bit stucked after reading a couple of writeups, so still no RCE and not sure about the specific exploit to achieve it. Could you give me some hints by pm? thanks!