Official Pollution Discussion

Official discussion thread for Pollution. Please do not post any spoilers or big hints.

Hi, anybody online?

i hate this machine :face_exhaling:
now 3.25AM but … bye good night all

1 Like

Rooted. Very nice box! Very difficult and long, but everything comes into place.

this is one of first few times attempting a box this hard!! It’s been super fun! could I possibly get some help on api auth ?? I feel like I’m almost there but just missing this piece !!

DM me. There is an obvious path forward it appears you are missing.

any chance I could DM you a quick question as well? I’m feeling quite stuck on user after getting a shell and not sure about a couple things


Alguien me ayuda con una pista?

I cant figure out how to work with the API this is hard

I hate javascript. Can someone point me in the direction of some good documentation on prototype pollution?

I have done token impersonation on collect.htb and done also the same in developers.collect.htb but don’t know how to get remote shell using proxy chain generator.

Any one to help?

An excellent machine i was definitely able to learn few things from it, the PE part was quite interesting as its new for me.
For anyone stuck feel free to drop me a PM.

I found an **E vuln and exploit it to read a few files.

But maybe I am on the wrong way.

stuck at forum :expressionless:

Unexpected token in JSON :expressionless:

dm me if you need help

A nice machine. Thank you, @Tr1s0n!

FOOTHOLD : try to understand how to exploit api and bypass authent with simple enum.
USER : the api is vulnerable and permits server enum. Get the key on the other service. Change role and push rsa pub.
ROOT : there’s an internal port to exploit. No need for ssh tunneling.

Sorry if you think it’s too much info. I think, I’m vague enough.

STOP BRUTEFORCING! Guys what is wrong with you? Don’t use bruteforce for auth/register. Same sqlmap. CTF is not about bruteforcing. Stop breaking the box. Creating over 100 sessions every minute is not your task here! Just chill wtf


Why is this box getting reset 1000 times in a row, like literally ? I dont get it, really I dont. Someone pls tell me!