Oz

Lets discuss Oz.

it gives random strings for any unknown routes making it nearly impossible to enumerate.

I talked to someone in the shoutbox earlier about it that said he had a limited way to read files, so I know that’s possible at least. Didn’t ask him any details though cause I didn’t really want to spoil anything for myself or others.

yeah, in the same boat…lots of chunked data but even more dead ends.

me2 : , )

stuck in three different things … and all leads to dead ends… if someone can direct me to right path when he finds then it would be great… the machine seems hard…

@asifsohail said:
stuck in three different things … and all leads to dead ends… if someone can direct me to right path when he finds then it would be great… the machine seems hard…

Nobody pwnd it yet bro…

YOU HAVE NO POWER HERE! :slight_smile:

@bobthebuilder said:
YOU HAVE NO POWER HERE! :slight_smile:

Is this useful? I found it too. But no success in anything. Googling i found a snippet of the script of the The Wizard of Oz (1939) with a same line in the script. Maybe there is something there or not…

The fact that it is not pwned yet, after so many hours, shows the difficulty i think…

Om Nom Nom

“You’re just trying too hard… nobody hides anything in base64 anymore… c’mon.”

@ozymandias said:

@bobthebuilder said:
YOU HAVE NO POWER HERE! :slight_smile:

Is this useful? I found it too. But no success in anything. Googling i found a snippet of the script of the The Wizard of Oz (1939) with a same line in the script. Maybe there is something there or not…

The fact that it is not pwned yet, after so many hours, shows the difficulty i think…

No, its not useful. I’m just pasting random funny bits I find along the way…

“You are just wasting time now… someone else is getting user.txt”
“Look… now they’ve got root.txt and you don’t even have user.txt”

Funny stuff :wink:

@bobthebuilder said:
“You are just wasting time now… someone else is getting user.txt”
“Look… now they’ve got root.txt and you don’t even have user.txt”

Funny stuff :wink:

hahaha… :wink:

\x is this some encoding any guess or deadend

you get so much info from the box, even limited file access, still not in.Probably another facepalm after I know how 8D

@D4Vinci said:

it gives random strings for any unknown routes making it nearly impossible to enumerate.

Yes, the application has a custom 404 errorhandler (like another active challenge)
To enumerate, do not use the GET method. It’s possible to find a route with a name like ‘/??e?s’ and maybe others.

Keep in mind that everything may be useful later.

This box is a nightmare.

I saw the first blood needed 15 and 18 hours, so much effort for that 30 points. LOL.