Official Paper Discussion

Official discussion thread for Paper. Please do not post any spoilers or big hints.

4 Likes

Hope y’all have fun with the box and I wish every easter egg gets found.
Happy hacking guys!

14 Likes

Struggling with this one, Any pointers?

same, still going at it, trying a few new ideas, thrown most of the usual at it.

Please any hint

If you’re like me and are completely stuck at the web d*r b**ting phase for a few hours, I recommend you try something out of your comfort zone. Something like n*k*o.

2 Likes

I saw there is weird behavior when you try to access a php file. Is there a reverse proxy or something to exploit?

PM me if you need a hint.

1 Like

Really Solid box with great bread crumbs along the way. Thank you @secnigma!
DM if you need a nudge

2 Likes

Struggling really hard with that, I’m pretty new to CTF. Tried searching for CVE’s for the Apache Version, bruteforcing the SSH Login, scanning all URLs, looks like a default Webserver to me… Any hints where to look? Would love to get a pm :confused:

It looks like there’s an exploit sitting on the server called pk.sh, is this part of the CTF? Or did someone accidentally add a file?

2 Likes

It’s intentional. Nobody placed it there. Also, release arena gives you a private instance, so it’s not possible.

It wasn’t intentional.
The script was accidently placed there by the testing team.
It is patched now.

It wasn’t intentional.
The script was accidently placed there by the testing team.
It is patched now.

Too bad I rooted the machine before the fixing. The intended way for root involved p—t or was completely different?

1 Like

Argh, I just got back in the machine after taking a break, got a shell, and spent 15 minutes looking for the script, lol. Time to do this the right way.

1 Like

I’ll DM you.

Rooted, if you need help, don’t hesitate to contact me. :slight_smile:

Rooted.

Foothold: talking helps

Root: EZPZ if you keep an eye on the news

I used n*k*o to find the “x-backend-server”, but I am unable to connect to http://******.*****/ for some odd reason. Firefox gives a Server Not Found error and says that it can’t connect.

2 Likes