Official Spider Discussion

Deleting the cookie from your browser helped me resolve 500 errors. Resetting does not seem to help

maybe there was an issue on the backend sending the response object. it’s something totally unrelated to request cookie, and only manifesting in release arena. trust us guys we’re not crazy lol. maybe it was resolved by now or ephemeral, idk i already finished this box.

got root. Dm if need help with steps you did.

Rooted right now. Really a nice a machine!!
For 500 response errors, delete your cookies, if you have deleted them restart the machine.
User: don’t overthink it is all in front of you, be sure to look on all pages available. If you know how it is built you can control it. Don’t trust your eyes and trust what have you seen until now. Fight your limits, the backend technology provides you all the the bricks you need.
Root: it is not too different, think to what the server evaluate…

DM me if you need hints.

one of the best box i played recently, excellent to explore this kind of vulnerability.

Amazing box, really enjoyed playing with the payloads :slight_smile:

Oh dear…seems like an epic fail on enum for me. I only see a small number of endpoints and have tried the usual attacks on them but not getting anywhere. Gobuster turned up nothing that I couldn’t get with manual review - any nudge for what I’m missing?

Rooted.
Foothold/user: analyze carefully what is in front of you. A specific issue will allow you to do nice stuff that will help you “secretly” recover something. Iterate this issue and finally you’ll land on target.
Root: enumeration is key, once you uncover something look beyond what you see. Analyze everything something odd should not be “allowed”! For me this was the first time I used this kind of scenario within HTB so it was cool to learn something new.

Thanks for the box!

Rooted. User part was new to me. Root was a bit easy or I would say straightforward

Nice box. Learned a lot.

Phew! What a box, what a thrill, what a ride!!!

It took me a LONG time to exploit this box. Foothold, user and root were completely new to me. Thanks a bunch to the creator of this box - I enjoyed it a lot!!

No new hints from me, reading through previous posts should give you all you need.

DM for hints!

Just rooted. Really great box, learned a lot. DM me if you need some help.

I am stuck with privesc , any hints?