Official Sea Discussion

wind010 · August 11, 2024, 8:30pm

Having a many attackers on the machine is curse and a blessing. The look at what the exploit is trying to do.

ethical83 · August 11, 2024, 9:40pm

no this machine is not easy

ATGTFRE · August 11, 2024, 9:55pm

Can someone please share some hint instead of saying they got the foothold and that it is easy.

LiquidFlame · August 12, 2024, 1:16am

I feel like I’m very close, but I can’t for the life of me figure out where my script gets uploaded to.

insomnia · August 12, 2024, 1:27am

maybe a form

GetRocked77 · August 12, 2024, 4:19am

Rooted! Took me a while

tr0uble3sh00ter · August 12, 2024, 4:31am

I am really trapped in this machine may be need help now every time I tried to get sh3ll from website it does not work??
Any hint?

insomnia · August 12, 2024, 4:35am

try to get cookies and not a shell, then perform manual rce if you can’t get rce

tr0uble3sh00ter · August 12, 2024, 4:38am

ok, i will try it

Ashishgupta · August 12, 2024, 8:23am

Is there a way I can completely reset this seasonal machine? The issue is that even after resets, the exploit endpoint still remains there. My assumption is that it should clear by itself…I am not sure if any other player triggered the exploit and I merely used it for foothold!!!

PS: Can someone please try and check if the machine resets to default clean slate after switching VPN/resetting?

For me the box does not reset to a clean default state - How can I fix this? Please help.

Ashishgupta · August 12, 2024, 8:41am

Okay the machine is easy because we do not have to exploit anything for foothold → Everything is already there. We just need to call it. The software is built and shipped with exploit LOL
This does not really makes sense - what a rabbit hole this is.

pavka · August 12, 2024, 9:04am

Is the machine working properly?
I get some responses from the XSS but if i try to request for example /test from my server, it dosen’t work and i still recive responses only for /

flubbywalrus · August 12, 2024, 9:07am

@insomnia 's hint above about the cookies is what got me in there

joher · August 12, 2024, 9:11am

Rooted. From my point of view, the root is “Very Easy”. However I did not get root access to the machine, just read a flag.

UPDATE : after reading a source file, get root access too.

cdotl · August 12, 2024, 9:39am

the dir’s are all in the html source… remember some OS’s are case sensitive too!

ambr3ak · August 12, 2024, 9:43am

Hi, can i dm someone about the foothold? Im stuck with the cookie stealing.

joher · August 12, 2024, 9:45am

Wow . It is true. The reverse shell is already in a box after restarting.

spuria · August 12, 2024, 11:59am

got root, thanks @Ashishgupta and @SouLXIX for reminding me that I’m an idiot kidding, thanks guys

spuria · August 12, 2024, 12:06pm

if you did what I did in the same way you can do a lot more, just tweak the payload

vawrgahwqgjd · August 12, 2024, 12:19pm

It might be necessary to reset the box so that you may submit forms successfully.

Topic		Replies	Views
Official Resource Discussion Machines	153	4656	November 23, 2024
Official Compromised Discussion Machines	210	22218	January 25, 2021
Official Sightless Discussion Machines	310	13055	January 8, 2025
Official Worker Discussion Machines	303	30074	March 4, 2021
Official Runner Discussion Machines	178	6829	August 31, 2024

Official Sea Discussion

Related topics