Official Micro Storage Discussion

Official discussion thread for Micro Storage. Please do not post any spoilers or big hints.

Took me a while to work out what to research here, especially as it’s a “misc” challenge… could be so many things. Got there in the end and it was actually a really terrific challenge imo, nice work @hfz!

1 Like

Finally did it!!! Nice challenge. Easy if you know what you are looking for!!! Look closely at the available options to find a way…

1 Like

Good challenge. If you have no idea, try to figure out which commands are executed for each option. Feel free to message me for hints.

1 Like

Just wanted to post this so others don’t waste as much time as I did with it. If you can’t seem to get the service to do much, likely you’re using telnet as I was.

If you’ve telnetted in, the script will not take your input. See below:

1 => Upload a new file (10 file(s) remaining)
2 => List your uploaded files (0 file(s) uploaded so far)
3 => Delete a file
4 => Print file content
5 => Compress and download all your files
0 => Quit (you will lose your files!)

Choose an option: 1
[-] No such option.
1 => Upload a new file (10 file(s) remaining)
2 => List your uploaded files (0 file(s) uploaded so far)
3 => Delete a file
4 => Print file content
5 => Compress and download all your files
0 => Quit (you will lose your files!)
Choose an option:

If you use nc instead, it works fine.

1 => Upload a new file (10 file(s) remaining)
2 => List your uploaded files (0 file(s) uploaded so far)
3 => Delete a file
4 => Print file content
5 => Compress and download all your files
0 => Quit (you will lose your files!)

Choose an option: 1
[*] Enter your file name: fjfjf
[*] Start typing your file content: (send ‘EOF’ when done)

4 Likes

It’s quite a nice challenge though :). It really took me some time to figure out what to do, but all the effort is worth it in the end :). If someone needs some hints, they can contact me. I will be glad to help.

F to those who tried to send Ctrl+D, but not manually type ‘EOF’ :smiling_face_with_tear:. PM me if you need a nudge

1 Like

Late to the party here.
I think I way over-complicated this one. I got the flag but am unsure how what it refers to could be useful. Anyone else use time-based blind RCE? If you used what was mentioned in the flag, how so?

The filename seems to be sanitized so no special chars can be placed, also the contents of the file don’t allow showing env variables, so I might be missing out on something with the other options… any guesses?

That challenge was great, and easy except for me overthinking. If you’re stuck, stop trying to own it, work towards the objective. And remember that everything is a command in Linux.