Official Pollution Discussion

cz database spammed with records and I guess there is cron to restart some services to clear box state

Hello, can anyone tell what’s wrong with my **E payload? I was able to read /etc/hostname only; if I try to read /etc/passwd the payload is not working.

it seems only files with one line can be read

This is a rabbit hole; it’s far simpler than crafting an **E payload.

For real? I was working on crafting the payload the whole time. Alright, back to the lab.

EDIT: Alright, you cleared it up really well below. Got it.
EDIT2: This box signup/signin functionality keeps breaking, and session cookies stop working too.
EDIT3: Stop bruteforcing, wtf, got me flushing the database just to keep this box alive.

I guess I was wrong: you have to read files, but remember you don’t need the full path :slight_smile:

Can somebody pls help me with the root flag? I used “Prototype Pollution to RCE - HackTricks” as reference and also got an admin token for Message_send, but every time I only get

SyntaxError: Unexpected token c in JSON at position 92…

error back. I have no idea what I’m doing wrong. I never used this kind of vulnerability.

Hi, sorry, I have a problem with the Pollution machine: I can’t get a connection to MySQL. I have the username and password that I got in config.php but it does not connect. Is there some solution? I don’t write very well in English.

I needed some hints and guidance along the way, but finally rooted. This was one of the best boxes I ever played; very very well thought out. Thanks @Tr1s0n !

Hey, can I DM? I need a little help with the box.

Finally rooted this box! A big thanks to @htbserge for tips on getting the foothold :smiley:
Both user & root are not that hard but very fun and taught me quite a few new tricks. Superb machine overall. If anyone needs a few hints feel free to PM me.

Hi guys! I have a problem connecting to MySQL. Has anyone had the same problem?

Really nice machine, I learned a new interesting technique; not too hard but really tricky. If you have some questions DM me, I hope to have some time to help the stuck guys :laughing:

just get a better shell :wink:

Hi, please, I am stuck at the admin API endpoint. I would appreciate a hint on progressing.

Yeah, just give me a minute, let me know exactly at which point you are.

I am trying to use the php_filter_chain to get RCE. It says URI is too long.

Thanks for the quick response.

You’re on the right track.

I have tried my best to get the payload decreased but it’s just not working… Please, I really need your help this once.

I did it some days ago and now I can’t remember why my payload worked or what, ahah, but I saved the commands I used to get the user and root flag. If you want I can send you the main curl command, that will open the way to the goal for you, ahah.