Official Photobomb Discussion

Nevuer · October 15, 2022, 9:09pm

check what you can download

cybershell · October 16, 2022, 8:42pm

Could someone assist me with gaining root access? I’ve already managed to get user flag.

Wiiz4Rd · October 17, 2022, 8:34am

Rooted.
Hint for user:
Take a close look at the parameters and try to add something after them. Look at the result.
There are no LFI here. Try to find a blind command injection.
For root:
Maybe using the PATH can help?

Cerv1 · October 19, 2022, 12:51pm

Rooted!

Thanks a lot to @Nevuer for the hints.

For the rest of the people, I think everything has already being said here:

For user: Check the download request and its parameters
For root: There’s something the user can execute… Could we modify the PATH for it?

DomadordePombo · October 19, 2022, 9:18pm

Hello, can someone help me? It’s giving me 504 time out and the nc didn’t receive the rvshell

AmanJoo · October 22, 2022, 3:01pm

any hint for root ???

riboyster · October 22, 2022, 5:53pm

Any hint for user? Not getting anywhere messing with the Post data and this is supposed to be an easy box…

achapman · October 23, 2022, 2:29am

Is anyone able to dm me a nudge on the user? I’m as the ‘second’ stage and have a basic idea of something that is giving me some additional information than intended. But I have been at this for hours and haven’t been able to make progress.

windscreen · October 23, 2022, 4:07pm

perhaps u wanna inspect the site .?

mrgod · October 23, 2022, 5:34pm

ROOTED…!!! really nice box…if u guys stucked anywhere…just dm for hints…!!!

achapman · October 23, 2022, 7:24pm

ah okay, I got user. I feel a bit dissapointed that I needed so many hints, but I spent too much time on this box .

Like everyone else said, the hints are here. The solution isn’t incredibly trivial, but also pretty straightforward.

windscreen · October 24, 2022, 10:31am

inspect the site

lamprunsyou · October 25, 2022, 1:21pm

Uhhh, so i’ve found the photobomb.js file but all it shows is the text “oui” and no javascript. This just seems weird and i doubt is part of the machine, anyone know what this is or why this is?

riboyster · October 25, 2022, 5:32pm

That’s strange. Not ringing a bell for me. Try restarting the machine. I’ll PM you what it’s supposed to be if that doesn’t work.

riboyster · October 25, 2022, 7:38pm

Finally got user flag but I had to look up a writeup. There was nothing easy about that solution and I probably never would have come to it without being told. Not sure how everyone else is finding this stuff.

pseudoengaged · October 25, 2022, 8:06pm

Root was 100x easier than user. User was pretty tricky, but luckily I have burp suite pro which found it for me I’m not sure I would have come across it otherwise

dampkring · October 26, 2022, 3:17pm

This one has been a challenge! When I tried to establish a reverse shell it appears to work / says the connection has been established but I’m unable to get a response back when I run commands.

Edit: finally got user!

ozneaf · October 26, 2022, 8:16pm

Error code (500 Internal Server Error) when I try to go further with params. Is it a vm error?

dampkring · October 27, 2022, 5:38pm

Finally rooted!!! Great box.

ozneaf · October 27, 2022, 6:53pm

Keep always network concepts! Owned