Official Headless Discussion

Official discussion thread for Headless. Please do not post any spoilers or big hints.

That wasn’t too bad. Good luck everyone!

Probably a little too easy - still fun, but over too fast.

1 Like

Have a lot of leads. Tried several related “snacks” and such. However, I am totally stuck. Any hints you can give without spoiling?

What have you tried so far? Pay attention to the error message.

1 Like

I finally figured it out. I was trying in the wrong place… if that makes sense.

Any useful hints ? i got no idea what to do after playing with requests .

the root was very easy .Owned Headless from Hack The Box!

Any1 able to give hints, feel as if I have fallen down a rabbit hole by over complicating it. It feels like I have tried everything yet I have nothing in return.

Nice VM, fairly easy foothold, and very, very easy root part


Why do I have this on firefox and can’t see properly website?

Owned, free dm to hints.

1 Like

Is the is_admin cookie flask-based or do I have to reverse engineer how that works on my own? flask-unsign is still chugging away so idk if that’s working

check dm

Finally Did it…Machine is easy,particularly root…User got tense for me as my payloads were not landing…Had to reset the machine for it to work…

Has anybody faced the situation when you need to submit payload more then one time in order to make it work? How it can be explained?

Cool and easy machine.

DM for hints

Got a little lost due to missing an integral part in my enumeration. Overall it was an interesting experience and a pretty fun one!
Anyone needing help hit me up,
Good luck everyone!

any hints guys ? i see everyone saying so easy but i guess im over complicating it xD

When I change is_admin to the value I got, the web page returns this

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

I’ve reset the machine twice and it’s still the same