Official Pollution Discussion

system · December 3, 2022, 3:00pm

Official discussion thread for Pollution. Please do not post any spoilers or big hints.

CyFrA · December 3, 2022, 8:10pm

Hi, anybody online?

suraj · December 3, 2022, 9:55pm

i hate this machine
now 3.25AM but … bye good night all

JacobE · December 4, 2022, 2:40am

Rooted. Very nice box! Very difficult and long, but everything comes into place.

d3ception · December 4, 2022, 6:45am

this is one of first few times attempting a box this hard!! It’s been super fun! could I possibly get some help on api auth ?? I feel like I’m almost there but just missing this piece !!

JacobE · December 4, 2022, 4:49pm

DM me. There is an obvious path forward it appears you are missing.

downgrade · December 4, 2022, 5:46pm

any chance I could DM you a quick question as well? I’m feeling quite stuck on user after getting a shell and not sure about a couple things

JacobE · December 4, 2022, 5:50pm

Sure.

Gamakitin · December 4, 2022, 8:07pm

Alguien me ayuda con una pista?

Eyezik · December 6, 2022, 9:43pm

I cant figure out how to work with the API this is hard

AKozak · December 7, 2022, 1:11am

I hate javascript. Can someone point me in the direction of some good documentation on prototype pollution?

shahrouz · December 7, 2022, 1:51pm

I have done token impersonation on collect.htb and done also the same in developers.collect.htb but don’t know how to get remote shell using proxy chain generator.

Any one to help?

nullb1te · December 11, 2022, 12:05pm

An excellent machine i was definitely able to learn few things from it, the PE part was quite interesting as its new for me.
For anyone stuck feel free to drop me a PM.

mark0smith · December 15, 2022, 5:14am

I found an **E vuln and exploit it to read a few files.

But maybe I am on the wrong way.

shoebill · December 16, 2022, 2:29am

stuck at forum

shoebill · December 17, 2022, 11:32am

Unexpected token in JSON

XSSDoctor · December 17, 2022, 3:57pm

dm me if you need help

dylvie · December 31, 2022, 1:40pm

A nice machine. Thank you, @Tr1s0n!

FOOTHOLD : try to understand how to exploit api and bypass authent with simple enum.
USER : the api is vulnerable and permits server enum. Get the key on the other service. Change role and push rsa pub.
ROOT : there’s an internal port to exploit. No need for ssh tunneling.

Sorry if you think it’s too much info. I think, I’m vague enough.

m4rsh3ll · January 2, 2023, 7:47pm

STOP BRUTEFORCING! Guys what is wrong with you? Don’t use bruteforce for auth/register. Same sqlmap. CTF is not about bruteforcing. Stop breaking the box. Creating over 100 sessions every minute is not your task here! Just chill wtf

tropkal · January 6, 2023, 7:34am

Why is this box getting reset 1000 times in a row, like literally ? I dont get it, really I dont. Someone pls tell me!