Official Late Discussion

Wolfstorm · June 9, 2022, 11:46pm

Finally got the first bit done. Successfully uploaded and results received.

Just to verify:

Nimbus Mono
If you get an error with any part of the code bold it!! (That’s how I got my results)

Finally rooted.

staz · June 13, 2022, 12:11am

I think im just stop this for now.

I am already like 150+ SS in and the image format that was working perfectly fine suddenly stopped working, sad

Extremely frustating machine.

And the index of Popen class keep on changing, lol

robinas · June 17, 2022, 9:41am

This one took much longer than expected.
For those stuck on the font, I was successful with MS Word. Font used was consolas.
In word’s font settings go to advanced. I played around with Scale and Spacing to fix those pesky underscores.

Root is straight forward when using awesome enum (mentioned before) look for things that you can change.

turme · June 20, 2022, 12:05am

Vulnerability of box is clear. You can just google and find lots of information about that. The annoying part of the box is getting the user. To get user you should adjust your payloads without {} and try to understand which parts of your payload not readable by application. Probably you will have some extra spaces and missing "_ _ ". So after analyzing this try to change these parts in your payload. Use some different fonts, use bold option of font. And when your payload will be understandable by app add your missing {} part .

After getting the user, just use basic priv esc tools and some continuously process reading thing. You will understand it and got it.

If any question feel free to ask me.

ph0bos · June 20, 2022, 12:50am

500 Internal Server Error on that page when i try to upload an image. Is just my issue or is general? I’m in the US Free 1. I’ll be glad if someone can check it out.

tbarrettjr93 · June 21, 2022, 11:03pm

i was able to get /etc/passwd but the other command i cannot get. have tried over 130 screenshots. can anyone message me?

ChevalDeQuatre · June 28, 2022, 2:12am

Ok! I am absolutely losing my mind here, I’ve tried all the fonts in gimp, tried sizes from 36 to 300. Can’t manage to find a single on that gets the job done, extra spaces, underscore missing, wrong quotation marks. I’ve been losing my mind, please someone tell me how you made it work…

proteus.bitco · June 30, 2022, 8:43am

search in google “online text tools” Text to image converter. Choose options font size 46, Monospace, padding 10, PNG format.

useruser · June 30, 2022, 10:41am

Useful site to read

https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/

leo · June 30, 2022, 6:27pm

Getting the right font, etc is painful. After frustrating attempts, I noticed that taking screenshots from the kali terminal (with Hack font), worked almost flawless (I zoomed in to the max). Only the 0 was a bit tricky…
Hope it helps to relieve some frustrations.

happy h!