Official Unicode Discussion

Official discussion thread for Unicode. Please do not post any spoilers or big hints.

Sooo, has anybody a small hint what to do beyond basic enumeration? While the wildcard response is annoying, it was not really hard to bypass. But I see only two to three ways to interact with the web application, which all seem boring. wfuzz turned up some interesting paths, but I lack any information about the auth system besides that I can create accounts.

Judging by the name, I assume that a unicode vulnerability is there somewhere.

It is possible under /uploads to put a file on the machine, maybe a .php reverse shell, but I have no idea where the machine saved the uploaded files, and I don’t know whether it is possible to access the files from outside.
Anybody have an idea and can give a hint pls…

register and look at the cookie


How do I look at the cookie?

Not to be rude, I pwned the box already.
I couldn’t look at the cookie because I couldn’t log in; I reset the machine and then it gave me the cookie.


nvm, got it :slight_smile: fun box !

At the same spot right now. Was this the way to go or should I look for something else? :stuck_out_tongue:

Even though I’ve had some troubles on the way, this was a great machine! I learnt some new things and finally getting the root shell was fun!

Stuck at the token, do we need to find a way to bypass whitelisted URLs or find a place where uploaded files go?

Bypass. Take a close look at the main page


Thank you. Got it!

I am almost root, but is it by design that the pe says that that folder does not exist and you cannot use the pe program at all? (I am asking because when I started, the box did not work properly and I had to reset it.)

User owned :slight_smile:
Nice box so far !!

EDIT: root flag obtained ^^
However I cannot get a shell on that box and since we always can, I’m confused… The key seems to be password protected? Can anybody please tell me in PM? Thx!

Do not hesitate to ask if stuck :wink:

Yeah, it seems to be by design

I managed a shell rather than just grabbing the flag, although I’ve got no idea if it was via an intended method or not. If no one else has given you a method feel free to PM

Thx, I finally got a shell on that box :wink:

This box will teach you a lot of tiny things that you may find in real life.
The initial web art was awesome. Thanks to the creator.
Hints:
User: Check the encoded ones, what it contains, google what it is used for once. Then there is a vulnerability; you will have to be a little advanced to exploit it, then it all comes to enumeration.

Root: It is easy to find and easy to exploit. You need to google for this, and don’t underestimate the power of Linux utilities.

Discord: luckythandel#6053

Ugh. Find a non-Python-based tool for digging into the details of the PE path. None of the Python tools were up to date enough for the default 3.9 on Kali. I have a feeling though, that if I did the prep step for said “digging in” using an older version of Python, the regular Python-based tools would have worked. Dunno, and I’m too lazy to check lol.

Challenging box for me. Lots of research and fiddling required.

[edit] I’d love to know a path to full control. Sadly just gained enough control to dump the flag, and had the same issue with the SSH key as described by clure above. If you trace the connection, you can see that it looks like a misconfiguration in the ssh server that falls back to asking for a password when the key doesn’t work. :confused: