Official Intentions Discussion

Official discussion thread for Intentions. Please do not post any spoilers or big hints.

Hard Linux machine, I hope to have it completed before my birthday on Friday 🤭


Looking forward to learning something new


“Hello my friends, stay a while and keep hacking” - Deckard Cain

sure is a tough one

I’m still not able to figure out what the attack vector is

Not sure but it must have to do with the new feature. Was able to get a 500 server error but nothing more …

I was able to get a blank page, but how did you get a 500 server error?

I tried sqlmap already but it doesn’t seem like there is SQL injection :/

I could be wrong though

ay same, high level with second_req was not very fruitful


Something interesting is that you could use nature\n and it still works


This is interesting, can give hints on the language used to parse the Favorite Genres, tried to dig more but still …

O_o I think I got something, not sure if it’s of any use though. Since ffuf showed me before that there is a directory called /st***** but I wasn’t able to access it before because it was forbidden. Then I did something to the JavaScript parameters and now every time I log in to the user, it goes to the st***** but throws a forbidden

I’m feeling you may be onto something there.

I’ve been looking at some of the Burp Suite requests and maybe there’s something there. I’m just trying to find everywhere that accepts POST

e.g : /a**/v*/g******/i*****

Every time we log in, the request first goes to /st***** and then to /g******, which is why when I changed the value of the parameter, it is throwing forbidden. At least that’s what I think is happening

I don’t know if that’s interesting but if you tried to access /ga**** without authentication and changed the host header it’ll redirect you to the host and same in the JWT.

EDIT: in the JWT token admin = 0, so can we use the host header injection to make it 1?

tbh something like that seems like the path, looks like the goal of the first part is probably to access the admin directory and somehow get foothold from there by changing the admin value on different accounts to 1

either that or it’s a major rabbit hole