Official Prying Eyes Discussion

Official discussion thread for Prying Eyes. Please do not post any spoilers or big hints.

Nice challenge. If you need help, DM me on Discord: mathysEthical#1861

2 Likes

How to bypass the .avif extension?!! :disappointed:

1 Like

Nice challenge!

Nice challenge, more on the easy side, just struggled at the final step - do not rely on other hackers’ tools :wink:

1 Like

Fun one, but it got me caught for a few hours. It does require some reading and deep diving into the documentation for the key tool(s) involved. Kind of a difficult one to give any further hints about that wouldn’t spoil it, but feel free to message for more hints.

1 Like

I’m a bit stuck now. Without spoiling too much, for some reason the exploit generators I tried generate a payload that does not work if the target file has a . in the name. For example: myflag works but myflag.txt does not work. I would appreciate any help.

Edit: A few minutes later and I solved it. If you believe you are encountering the same issue as me, try using a different tool to review your result. Maybe one on GitHub.

Fun challenge

I can get access to the /etc/passwd file but couldn’t find the flag.txt path. Can anyone give a hint on this?

Look at the Dockerfile.

1 Like

This is a nice challenge! I solved it on my own in 2 days! But I’m curious about how you guys bypass the image file format extension? I think I have the intended solution but I can’t find a walkthrough online.

Thanks to the author, had to look deep into the ‘tool’ but it was a fun one.

Hint: remember, the library in the code is just a wrapper to the CLI.