Official Retired Discussion

system · April 2, 2022, 3:00pm

Official discussion thread for Retired. Please do not post any spoilers or big hints.

Jocker · April 3, 2022, 5:11am

i got the L** but don’t known how to use that don’t have permission to read de* files

MehhSecurity · April 3, 2022, 7:04am

Are you surreeeee you found a L**?? Like 100% sure?

Jocker · April 3, 2022, 7:05am

yup

MehhSecurity · April 3, 2022, 7:10am

I’ve spent 4 hours on this box. Quite frustrating. I early on noticed the … I won’t call it a L**, I’ll call it a parameter. I used this parameter to look at a particular file to make sure it was a true L** and learned things there. Are my answers in that file or is this a super unrealistic rabbit hole?
I’ve read loads of logs, visited github pages. This sucker is static as it gets. No cookies or anything. I can make my browser do loads of things …um…remotely … if you will… but nothing touches the server. I don’t even want the points this far in. I just want to know how.

MehhSecurity · April 3, 2022, 7:11am

@jocker ^^ this hints at why I ask.

flast101 · April 3, 2022, 7:50am

I guess this L** just allow to read what you need to know to submit the right file… However, I can not find what should be the right file to submit.

flast101 · April 3, 2022, 7:53am

At least, now I know what kind of icenses and permits I need to farm ostrich and emus lol

tec · April 3, 2022, 12:19pm

~~i found a vuln via L** enumeration, and i can interact with it via R**, but cannot find a way to exploit it via this limited surface.~~
Got the bridge page. did not enumerate enough.

dronf · April 3, 2022, 1:25pm

Anybody want to compare notes?
I’m not any further then the other posters here. With the L** I could get a bi****y though, which shines some light onto what is happening on that local elite port. Still could not trigger any RCE yet though.

tec · April 3, 2022, 1:44pm

keep enumerating. there are more pages than default.

dronf · April 3, 2022, 1:46pm

i got that. i even got the bi—y that stuff is sent to in a*******_l*****.***

dronf · April 3, 2022, 1:52pm

just this moment i got the l*****.s***** ok, maybe that’ll help

tec · April 3, 2022, 1:54pm

oh. alright. i got the bi—y before find the page.
extra info from L** helps exploitation.

MehhSecurity · April 3, 2022, 5:45pm

I ran dirbuster against the http://IP/ as well as fuzzed the page= with the medium dictionary. What voodoo magic are you guys using to find this other page?!

ice2004 · April 3, 2022, 5:46pm

Just keep in mind that size does matter.

reedveggleston · April 4, 2022, 12:03am

It’s important to tell the tool what types of files you are looking for.

tec · April 4, 2022, 12:05am

download and analyze it, then enumerate more to break some of the protections （taking advantage that you have more than the binary).

OscarBlack · April 4, 2022, 3:08pm

How did you manage to find the b****y?

tec · April 4, 2022, 3:16pm

Enumerate proccesses via LFI, or guess from php file

Topic		Replies	Views
Official Resource Discussion Machines	156	4477	November 23, 2024
Official Horizontall Discussion Machines	173	24726	August 1, 2023
Sniper Machines machines , machine , boxes , sniper	444	66830	March 28, 2020
Official Interface Discussion Machines	98	5952	May 13, 2023
Official RegistryTwo Discussion Machines	75	4864	August 6, 2023

Official Retired Discussion

Related topics