Official discussion thread for Trickster. Please do not post any spoilers or big hints.
We ready boys!?
tried 1 sqli payload now im blocked from website, nice
so much to look at…jesus
E: OH
Have anybody found a CVE for the shop? Or maybe Im looking in the wrong place.
Anyone else having issues with a lateral movement step after getting user flag?
Yeah this box is… interesting…
Good luck everyone!
Lots and lots of resets…
I seem to change everything in the script but dont get a shell. Anyone who can nudge?
Same here! Everything is done successfully as I can see through my logs. But can’t trigger it. Maybe wrong path or maybe wrong access? Idk
I get an error every time I open an account. Any help ?
Invalid email/password combination
Got it mate! A silly mistake.
I got in too! setting up things locally did help a lot
Got root unintended way I think… Don’t know if any mods around here and will try not to spoil, but got root from the service that is running inside the container (just warning in case a fix is needed).
Already Pwned! Good Luck, Everyone.
i cant use the fuzz.
like usual was out for the weekend came back 6-7 hours a go and started the box. everything super fun and nice until one part, then I try to change POC to do a simple thing, did not work, I replicated manually and after some head banging got it working! then it was easy again.
Happy Hacking!!!
Lots of interesting things to poke around. That one special directory you can rebuild had an interesting clue in it, but it didn’t gain me any access, unless theres something in the new page…
Good thing someone forked and contributed back to the PoC…