You need to add the domain name to your hosts file in order to your web browser to be able to redirect to the correct IP.
1 Like
gus i got that error
Error occured while processing the image: unexpected char āāā at 59
i dont know why i got but the paylod was clean
Play with font, font size, and kerning. You will find a perfect one that the backend program can process.
Typical SSTI is done through URL injection, or forms. This is unique. The āappā that processes image to convert the text doesnāt understand some characters like underscores, dashes, quotes, etc. So play with fonts that the app can understand test it out, once you see it prints the characters fine, build a payload. It will take some time and playing around to get the right font and size (also font kerning).
Thanks got the upload page.
I am having the same problem. Did you manage to submit them eventually?
What sort of post can I submit here? Any specific advice?
same , did you managed to solve this problem?
it involves the /etc/hosts file
User: SUCKS trying to enumerate the vulnerability with that behavior is rough. I found the font used on hacktricks worked real nice, no size adjustments necessary, just inspect element to change your text and plop that into mspaint.
Root: Seeing what processes executed by root is always handy if you get stuck with your standard privesc information
Hello. I am stuck on the Late machine. Iāve tried brute forcing directories and default ssh credentials. No luck. I finally found the subdomain i*****s. I have found the flask framework. I tried to put a python script into a file and convert it to an image. No luck.
Any help would be greatly appreciated.
Look into common flask vulns and try playing with the image reader more
This is an interesting box. Many people have taken a picture of a check and had it converted. If you are struggling, start with simple payloads and work your way up.
Make shure that the menu where you select the server (main site of hackthebox) is green.
If it isnāt you need to select a server and download the ovpn of the server that was selected there.
Now do the same steps again on the server to obtain the flag.
This time it should work.
Atleast I was having the same problem and was expecting that someone changed the files.
(or that I need to crack those flag-hashes ā¦ but you donāt ā¦ you just use them)
PS:
I guess it would reduce the amount of machine resets, if people would know that this could be the source of that problem.
Using an old vpn-setting and ignoring that status on top right and you are trapped in at the āincorrect flagā-problem.
It matters the correct font and size in my cases helped the online text editor.
I received the data (passwd), but I can not figure out how to connect to the machine
Aria 24 Šø Š²ŃŠµ ŠæŠ¾ŃŠ»Š¾
i know what to parse operation like 7*7 is working but when im using python this things happend and i havenāt my result.
Error occured while processing the image: unexpected ā/ā
can someone help me on this ?
I am stuck on the late machine. I try to several times font size. (monospace 36). I couldnāt get anything.
Something is wrong but I canāt find that
1 Like
pfff i tried every fonts and size and cells spacing since yesterday and no one works itās really frustrating to now what to do but the machine wonāt work properly
I like Aria 24 font my favorite :ŠæŠ¾Š“Š¼ŠøŠ³ŠøŠ²Š°Š½ŠøŠµ: