Starting Point: Bike

This box isn’t working the way it should according to the walkthrough. In burp repeater I execute:



User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

Content-Length: 1334


Connection: close


Upgrade-Insecure-Requests: 1


I get back this:

HTTP/1.1 200 OK

X-Powered-By: Express

Content-Type: text/html; charset=utf-8

Content-Length: 1172

ETag: W/"494-RpawBI+3kN5Kwt8S54wY32132DQ"

Date: Wed, 18 May 2022 15:21:07 GMT

Connection: close

<!DOCTYPE html>
<html lang="en">

    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="stylesheet" href="css/home.css">
    <title> Bike </title>


    <div id=container>
  <div class="type-wrap">
    <span id="typed" style="white-space:pre;" class="typed"></span>
<div id="contact">
    <h3>We can let you know once we are up and running.</h3>
    <div class="fields">
      <form id="form" method="POST" action="/">
        <input name="email" placeholder="E-mail"></input>
        <button type="submit" class="button-54" name="action" value="Submit">Submit</button>
    <p class="result">
        We will contact you at:  e
 [object Object]
 function Function() { [native code] }
 [object Object]

    <script src=""></script>
    <script src="js/typed.min.js"></script>
    <script src="js/main.js"></script>


According to the walkthrough I should get this:

I found out that it’s possible to follow this walkthrough all the way through if you use the pwnbox, but not if you’re using Kali-Linux-2022.2-virtualbox-amd64. Does anyone know why this is? What’s the vital difference?

@mercadier I am running into the exact same issue. I’m using Ubuntu 22.04 LTS. Have you found a solution or you still waiting for a solution?

I was having the same problem. I got around it by encoding the code block:

{{#with “s” as |string|}}
{{#with “e”}}
{{#with split as |conslist|}}
{{this.push (lookup string.sub “constructor”)}}
{{#with string.split as |codelist|}}
{{this.push “return process.mainModule;”}}
{{#each conslist}}
{{#with (string.sub.apply 0 codelist)}}

Then instead of copying the next code blocks, just append the additional code onto the end of mainModule. You should be able to get the flag this way.

I think machine does not work. I’ve got “The connection was reset” in pwnbox when entering magic {{7*7}}.

Hello there, I am having the exact same issue described by @SampleService

I am using a fresh install of Kali 2022.2 as guest on Vbox, but I’ve got the same issue even with a Debian as host.

I’m having something similar. When I’m entering {{7*7}}, the error page is not loading. So I don’t see the server-side error code. I only get the firefox error page that the site could not be loaded. “Firefox can’t establish a connection to the server at”

  • I’m connected via OpenVPN.
  • Kali Linux 2022.2

Exact same issue here, please file a case to customer service like i did. I believe in case they 'll receive massive load of such queries this might speed up the process for this machine.

I’m running into exact same issue.
I send {{7*7}}, received “The connection was reset”.

The machine is now working properly, just solved without any problems!