[WEB] interdimensional internet

Opening the discussion on the new interdimensional internet!

Tagged:
«1

Comments

  • Hm, haven't got anything so far. Just a hash in the CSS tag. It seems irrelevant

  • Dirb didn't get anything

  • The number seems to change everytime

  • @PvtSec said:

    The number seems to change everytime

    Read the HTML comments

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited December 2019

    I had a nice plate of COOKIES, but my FLASK wasnt as full as I wanted; it was a thirsty SESSION. I hope I dont BURP.

    My brain hurts and this is a really tough challenge, but im learning a bunch. Oh jeez, having a bunch of, a buncha fun. Oh man.

  • @emmycat
    Don't drink too much or you'll go BLIND.

    snuggles

  • Anyway I can get a nudge for the final step from any of the few solvers out there? I just am not sure what's possible besides a really slow and brutal way. I've tried other ways to overwrite other important things and tried to mess with a local thing but not succeeding .

    snuggles

  • edited December 2019

    Argh! How do you bypass the regex and Python 2.7's restricted execution mode?

    limbernie
    Write-ups of retired machines

  • It's even worse than that. Since _ is filtered, we can't even reach system() through Python subclasses, as shown in:
    https://nedbatchelder.com/blog/201302/finding_python_3_builtins.html
    Any idea, anyone?

  • Is the following error part of the challenge? I managed to create some recipes that would trigger the GFW locally, but probably of the time issue I cannot reproduce it on the docker site...Also any ideas on how to bypass the GFW?

    OverflowError: timestamp out of range for platform time_t
    
  • edited December 2019

    I can did 1 time, but i try encode cookie again, but not working. Please Helpme

  • I can get RCE running it locally (sleep, print, etc) with no modifications to the ***k s***** script, but because I built my local test setup using a different platform than the remote server my auth fails, and I don't feel like setting up another platform for this. Not yet anyway, maybe if I get bored enough one day.

    snuggles

  • Hi, anyone facing the issue where things are working on there box and not on docker instance, please make sure all your python libs are up to date.

  • edited December 2019

    Need some help, please.
    < type > is right way?
    PM me, please

    undefi

  • omg It was HARD!

    undefi

  • @istivagyok some distros come with a outdated Flask library pre-installed, please make sure that the library itsdangerous is updated so that the cookie signing works

  • Need some help with this challenge PM me :)

  • Whoa this one is hard. Any hints in how to process the forbidden (data)?
  • edited January 4
    @rubenflush maybe take a look at encoding and try to ESCAPE the filter

    I am able to bypass the firewall restrictions and I can execute some commands. I cannot recover the builtins functions though because access to __globals__ attribute is not possible (python restricted execution mode) . Any hints here or via pm would be nice :)

    doxxos

  • Thanks that worked! Now I am stuck again... this is taking soo much time lol
  • Can anyone give me a hint / PM? Is there any way to execute something?
  • Got it! :-D Who knew playing in a snake’s sandbox could be so fun. Thanks to @undefi for the nudge.

    OSCP, SSCP
    seekorswim

  • Thanks for this great challenge! :)

    doxxos

  • Can someone DM me a hint on how to bypass r***x? No matter how hard I try to ESCAPE I seem to to still be stuck.

  • edited January 18

    @moozilla
    Sometimes it is good to use something twice.

    Still working on this challenge. I don't know how to get data back.

  • @secabit Thanks, I managed to get that part working finally, but now I'm stuck on the same thing as you. When I run my attack against the server locally I can get a reverse shell, but it doesn't work against the actual box. That also feels like not the intended solution since it's a web challenge. Feel like I'm missing something obvious.

  • Finally got this one! Was thinking about one of snuggles' comments and right when I starting to get SLEEPy the answer hit me.

  • Really enjoyed this challenge and learned lots about Python 2 (shame that it has just entered EOL so some of the learning feels a bit wasted).

    I took to blindfolded sleeping to exfiltrate my flag, one wink at a time. But it looks like there are different ways to do the last step.

    As an aside, I dont understand why most people have rated this challenge 'Brainfuck'. It could have been lots harder - just search for escaping python jails and ctf, there are some truly twisted ones out there.

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • @seekorswim @moozilla
    Thanks for help guys.

    Finally done. Watch out on every step, when you'll forget about important things then you will lost a lot of time. It is making this box hard, but I really enjoyed.

  • edited January 24

    Edit: sorry, wrong topic, my bad

Sign In to comment.