Official Paper Discussion

system · February 5, 2022, 3:00pm

Official discussion thread for Paper. Please do not post any spoilers or big hints.

secnigma · February 5, 2022, 5:13pm

Hope y’all have fun with the box and I wish every easter egg gets found.
Happy hacking guys!

jeffstu · February 5, 2022, 9:23pm

Struggling with this one, Any pointers?

IAmNotAMonk · February 5, 2022, 9:28pm

same, still going at it, trying a few new ideas, thrown most of the usual at it.

vanderma · February 5, 2022, 10:15pm

Please any hint

johnnyvf24 · February 5, 2022, 11:56pm

If you’re like me and are completely stuck at the web d*r b**ting phase for a few hours, I recommend you try something out of your comfort zone. Something like n*k*o.

skyawesome73 · February 6, 2022, 12:34am

I saw there is weird behavior when you try to access a php file. Is there a reverse proxy or something to exploit?

johnnyvf24 · February 6, 2022, 1:25am

PM me if you need a hint.

Harbard · February 6, 2022, 2:32am

Really Solid box with great bread crumbs along the way. Thank you @secnigma!
DM if you need a nudge

JAKAMI · February 6, 2022, 2:48am

Struggling really hard with that, I’m pretty new to CTF. Tried searching for CVE’s for the Apache Version, bruteforcing the SSH Login, scanning all URLs, looks like a default Webserver to me… Any hints where to look? Would love to get a pm

King0f5tocks · February 6, 2022, 9:17am

It looks like there’s an exploit sitting on the server called pk.sh, is this part of the CTF? Or did someone accidentally add a file?

DrDragon79 · February 6, 2022, 9:27am

It’s intentional. Nobody placed it there. Also, release arena gives you a private instance, so it’s not possible.

secnigma · February 6, 2022, 2:18pm

It wasn’t intentional.
The script was accidently placed there by the testing team.
It is patched now.

secnigma · February 6, 2022, 2:22pm

It wasn’t intentional.
The script was accidently placed there by the testing team.
It is patched now.

alemusix · February 6, 2022, 3:40pm

Too bad I rooted the machine before the fixing. The intended way for root involved p—t or was completely different?

King0f5tocks · February 6, 2022, 3:57pm

Argh, I just got back in the machine after taking a break, got a shell, and spent 15 minutes looking for the script, lol. Time to do this the right way.

secnigma · February 6, 2022, 4:11pm

I’ll DM you.

OldProgrammer · February 6, 2022, 5:53pm

Rooted, if you need help, don’t hesitate to contact me.

dalemazza · February 6, 2022, 11:16pm

Rooted.

Foothold: talking helps

Root: EZPZ if you keep an eye on the news

Malrius · February 7, 2022, 12:39am

I used n*k*o to find the “x-backend-server”, but I am unable to connect to http://******.*****/ for some odd reason. Firefox gives a Server Not Found error and says that it can’t connect.