Thanks that worked! Now I am stuck again… this is taking soo much time lol
Can anyone give me a hint / PM? Is there any way to execute something?
Got it!
Who knew playing in a snake’s sandbox could be so fun. Thanks to @undefi for the nudge.
Thanks for this great challenge!
Can someone DM me a hint on how to bypass r***x? No matter how hard I try to ESCAPE I seem to still be stuck.
@moozilla
Sometimes it is good to use something twice.
Still working on this challenge. I don’t know how to get data back.
@secabit Thanks, I managed to get that part working finally, but now I’m stuck on the same thing as you. When I run my attack against the server locally I can get a reverse shell, but it doesn’t work against the actual box. That also feels like not the intended solution since it’s a web challenge. Feel like I’m missing something obvious.
Finally got this one! Was thinking about one of snuggles’ comments and right when I was starting to get SLEEPy the answer hit me.
Really enjoyed this challenge and learned lots about Python 2 (shame that it has just entered EOL so some of the learning feels a bit wasted).
I took to blindfolded sleeping to exfiltrate my flag, one wink at a time. But it looks like there are different ways to do the last step.
As an aside, I don’t understand why most people have rated this challenge ‘Brainfuck’. It could have been lots harder - just search for escaping python jails and ctf, there are some truly twisted ones out there.
@seekorswim @moozilla
Thanks for help guys.
Finally done. Watch out on every step; if you forget about important things you will lose a lot of time. That is what makes this box hard, but I really enjoyed it.
Edit: sorry, wrong topic, my bad
oh man this took me ages because of the slow af exfil…
can’t wait to go find some writeups and see if i just did it in a really stupid way lol
EDIT: yeah i wasted hours because of slow exfil ■■■■. there’s a much better way than acting blind
Woohaa got the flag! Learned a lot about python. Thanks @doxxos for the last push!
Is it possible to return value from ***k? I would appreciate it if someone can explain this part to me in PM?
I found an EC() injection point, but the R*X is filtering basically everything that I can think of. Can someone inbox me a nudge for this stage?
Really enjoyable. Thanks to @seekorswim for the guidance.
Done
I saw many here posted that their exploit worked locally but not on the remote host. I’m facing the same issue. Any nudge would be appreciated
@boris154 said:
I saw many here posted that their exploit worked locally but not on the remote host. I’m facing the same issue. Any nudge would be appreciated
Finally finished
If anyone else gets stuck with that issue, don’t trust your local python (especially on kali), use docker to run it and then test your exploit.
Uff… I think I know a lot about it, but… I miss the most important thing! I can’t get the site to do even a simple operation! Should I forget cookies?