Official Zipping Discussion

rawsseck · September 16, 2023, 4:47am

same here

TheGoldenFox · September 16, 2023, 5:53am

Just owned the box. Feel free to PM me if you need a nudge .

yahve666 · September 17, 2023, 12:11am

Hi, is the zip upload technique the right way to deal with the box to get the user shell?

yahve666 · September 19, 2023, 1:01pm

Can anyone give me a hint, I’ve tried literally everything!

echokp · September 19, 2023, 3:36pm

My drone/home/rektsu/.config/ is missing libcounter.so, and stock does not have this call. What should I do?

Ud0g · September 19, 2023, 3:39pm

Think about if you could exploit your way with some SHARED thing and build it your own now that you find that something is missing…

yahve666 · September 20, 2023, 5:15pm

I didn’t find my way to RCE through the upload. I’ve tried litterally evrything on the upload part. But nothing worked. The only thing I got is a kind of LFI, I can read the content of files that the user r have the read permissions on! Is the upload thing a rabbit hole? Can I have a little hint??
(I got the user flag, by reading it, i dont think it’s the appropriate way!)

TheGoldenFox · September 22, 2023, 7:28am

PM me.

kneehighskii · September 29, 2023, 2:16am

Finally, finally, rooooooooted!!!
This box was a bit difficult for me, but it was crazy fun!!!
Thanks to the box’s creator and the advice in this thread!!!

nigamelastic · September 30, 2023, 1:26am

exactly the same with me

nigamelastic · October 1, 2023, 10:09am

Think about what else can U do with the MySQL, also is there any way to connect the first vuln with this

bydavidtm · October 2, 2023, 11:02pm

Hello, i have been trying the intrusion on this machine for 1 week and still don’t get it, i would appreciate if someone could help me. Thanks:)

aathishs11101 · October 4, 2023, 8:03pm

i have got the user flag using lfi but couldnt get into the machine any tip regarding that

kaulik · October 7, 2023, 1:24pm

bro tell me how to get reverse shell i tried zip method but didnt work

BROKExDAD · October 11, 2023, 2:11am

Upload vector is a bust.
Anyone have a directtion or hint we could go in?
Fuzzing yields no results.

NullExceptionTSB · October 11, 2023, 9:12pm

I found the SQLI but now I’m stuck and can’t get a shell. Could someone DM me a hint?

fadedHill · October 12, 2023, 2:20pm

any chance of a nudge to the proper sqli. I cant find it for the life of me.

fadedHill · October 12, 2023, 2:39pm

im stuck in the same place. tested LFI. sqli, upload vector with zip slip and get nothing

gavroche · October 24, 2023, 10:49pm

Soooo… Am I supposed to bypass the preg_match regex to perform sqli or is that a dead end ? I’ve tried at it for a few days now, no success…

bayaspirinha · October 27, 2023, 12:58am

same here, i got the user flag but i don’t know how to get into the system. I’ve tried to bypass preg_match but no solution. PM me if you want to work together.

Topic		Replies	Views
Official Trick Discussion Machines	346	19832	December 23, 2022
Official Unicode Discussion Machines	29	3066	May 7, 2022
Networked Machines	630	87823	April 20, 2020
Official OnlyForYou Discussion Machines	186	12439	September 7, 2023
Official Meta Discussion Machines	90	7034	June 9, 2022

Official Zipping Discussion

Related topics