Official Photobomb Discussion

system · October 8, 2022, 3:00pm

Official discussion thread for Photobomb. Please do not post any spoilers or big hints.

NovaNuke13 · October 8, 2022, 8:01pm

I found the endpoint with the login for a printer, but there doesn’t seem to be credentials online for that specific printer. Am I missing something?

dynamo · October 8, 2022, 8:10pm

probably using sinatra webframework

DrGecko · October 8, 2022, 8:28pm

Look closer at the home page, try viewing some things.

barambolas · October 8, 2022, 8:57pm

I’ve tried with steganography in all photos but I dind’t find anything. I realised that sinatra webframework is used but i cannot look how can I exploit it. And I tried Directory T******** but nothing. Anyone with more info? Thanks

handsh4ke · October 8, 2022, 9:14pm

In the first part we have some in information in .js file

cnmprfx · October 8, 2022, 9:57pm

heh fun times

suryamathur · October 8, 2022, 9:59pm

I’ve got the authorization but I don’t know what to do now?
Anyone can hint me something?.

cnmprfx · October 8, 2022, 10:09pm

Auth and some verbose error messages

cnmprfx · October 8, 2022, 10:10pm

Maybe a username

Nevuer · October 8, 2022, 11:39pm

!! ROOTED !!

Nice machine, simple and entertaining.

Send me DM if you need help

gondragon · October 9, 2022, 2:41am

First time pwning a release arena machine! User flag wasn’t very hard… but I don’t know much about Privilege Escalation, so it took me some time to root.

hackertheworst · October 9, 2022, 4:18am

got root!

nice machine with basic foothold. Root wasnt difficult since something seemed irregular to me but definitely had me add something to my notes.

as always DM if you are stuck

5tr1d3r007 · October 9, 2022, 10:16am

Look closely to the parameters

batche · October 9, 2022, 12:32pm

Which parameters are talking about exactly ? I found also some stuff about sin***** but for now I’m not able to gather something interesting, except the port on the loopback address, but i think it cannot be exploited

randomGuy · October 9, 2022, 1:54pm

Need hint. please dm me. I’m able to view protected content.

v1p3r · October 9, 2022, 3:31pm

any recommended payload for LFI? or should I check manually?

tech77 · October 9, 2022, 3:50pm

hi
can you help me please on getting a foothold, i havent got a clue how to get the printer creds, ive also seen a page with something about sinatra on is that any use?
thanks in advance

batche · October 9, 2022, 4:11pm

Well, on my side I tried to put something in the field for file**pe on post rq, to perform a L*I, but nothing works for now. I’m pretty sure it’s something here, but nothing seems to work for now.

Nevuer · October 9, 2022, 4:14pm

Some hints for the machine

For user:

Use the web inspector, search into the links.
There is nothing local to read
A parameter will be your blind ally.

For root: The environment and cleaning is in your hands.