Official Late Discussion

You need to add the domain name to your hosts file in order to your web browser to be able to redirect to the correct IP.

1 Like

gus i got that error
Error occured while processing the image: unexpected char ‘‘’ at 59
i dont know why i got but the paylod was clean

Play with font, font size, and kerning. You will find a perfect one that the backend program can process.

Typical SSTI is done through URL injection, or forms. This is unique. The “app” that processes image to convert the text doesn’t understand some characters like underscores, dashes, quotes, etc. So play with fonts that the app can understand test it out, once you see it prints the characters fine, build a payload. It will take some time and playing around to get the right font and size (also font kerning).

Thanks got the upload page.

I am having the same problem. Did you manage to submit them eventually?

What sort of post can I submit here? Any specific advice?

same , did you managed to solve this problem?

it involves the /etc/hosts file

User: SUCKS trying to enumerate the vulnerability with that behavior is rough. I found the font used on hacktricks worked real nice, no size adjustments necessary, just inspect element to change your text and plop that into mspaint.
Root: Seeing what processes executed by root is always handy if you get stuck with your standard privesc information

Hello. I am stuck on the Late machine. I’ve tried brute forcing directories and default ssh credentials. No luck. I finally found the subdomain i*****s. I have found the flask framework. I tried to put a python script into a file and convert it to an image. No luck.

Any help would be greatly appreciated.

Look into common flask vulns and try playing with the image reader more

This is an interesting box. Many people have taken a picture of a check and had it converted. If you are struggling, start with simple payloads and work your way up.

Make shure that the menu where you select the server (main site of hackthebox) is green.
If it isn’t you need to select a server and download the ovpn of the server that was selected there.

Now do the same steps again on the server to obtain the flag.
This time it should work.
Atleast I was having the same problem and was expecting that someone changed the files.
(or that I need to crack those flag-hashes … but you don’t … you just use them)

PS:
I guess it would reduce the amount of machine resets, if people would know that this could be the source of that problem.
Using an old vpn-setting and ignoring that status on top right and you are trapped in at the “incorrect flag”-problem.

It matters the correct font and size in my cases helped the online text editor.
I received the data (passwd), but I can not figure out how to connect to the machine

Aria 24 и все пошло

i know what to parse operation like 7*7 is working but when im using python this things happend and i haven’t my result.

Error occured while processing the image: unexpected ‘/’

can someone help me on this ?

I am stuck on the late machine. I try to several times font size. (monospace 36). I couldn’t get anything.
Something is wrong but I can’t find that

1 Like

pfff i tried every fonts and size and cells spacing since yesterday and no one works it’s really frustrating to now what to do but the machine won’t work properly

I like Aria 24 font my favorite :подмигивание: