Official IClean Discussion

Official discussion thread for IClean. Please do not post any spoilers or big hints.

Roll up your sleeves and clean house on iClean! Ratings and reviews will help me get better and come back with trickier challenges.


Just rooted.
Not too difficult, Google will help you every step of the way.

Just rooted.

User hint: First of all think about client-side web vulnerabilities.
Root hint: Do something with attachments.

Found a way to gain access but still unable to exploit it. I'm trying to figure out how to obtain the shell. I tried several things on that attack vector.

Just rooted. I want to share a little nudge: for user, to get a revshell when you have found the s*** vulnerability, be careful with encoding; see some hexamples on Google :wink:
For root, just read what you cannot read.

After you generate one invoice you can't change the details for any other invoices you create after that, even if you enter new details… It only works if you reset the box… Is this a bug or is this supposed to be like this?

Spent a lot of time trying to troubleshoot the “Match and replace” function in Burp to add a header to every request, and then found out I wasn’t seeing the proper response for the page because it wasn’t in fullscreen, so there’s a tip I guess.

Great machine, I’m stupid.

Stuck for most of the day today. If I may ask, does this have a subdomain? I can never get the subdomain right with the htb boxes.

Don't enumerate; just try to understand the mechanism of how the app works. You already have almost everything you need.

Finally pwned! @samushi gave a good tip. I wasted a lot of time testing and enumerating a lot of things.

You have to enumerate everything on this machine.

Learnt new cool things :slight_smile:

Does anyone have any hint to suggest for user?
I spent more time on enumeration but found nothing useful :cry:

It can be a bug, but it should not get in your way of exploiting it.

Hint - Check if you see your reflection! :mirror:

I have reflection, but the c***** value does not appear :cry:

Rooted - fun box! I feel myself getting better and better, thanks HTB.

Foothold - check all the inputs.
User - enumerate the application; think about best practices.
Root - think about what you have and what you can do with it.

Congratsss :partying_face:

I have been trying a lot of different payloads. I would get reflection but no cookie. Any advice?

Try IMG payload with “onerror”