Official Cereal Discussion

Official discussion thread for Cereal. Please do not post any spoilers or big hints.

Comments

  • Spoiler Removed

  • good luck

  • this must be a record breaker (LOL) spoiler in the first comment !! @cool4coder what did you give away the IP address 🥴

  • I've been on this S'Mores cereal binge for awhile. It's like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It's da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.

  • Type your comment> @Zot said:

    I've been on this S'Mores cereal binge for awhile. It's like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It's da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.

    I just had a terrible, horrible thought. If somehow, I couldn't have cereal anymore, I'd be decerealized. gasp Then I'd probably get thrown into rehab. Get released into a group home. Have to go to cerealaholics anonymous meetings. I think I had a nightmare like that once.

  • Alright I think I know the exploit but I need the username and password for it to work. If anyone else has found out the exploit please tell me whether it is a rabbit hole or not!!
    (exploit is related to something sweet)

    image

  • "X-Powered-By: XXXXX"
    Yep, hard machine. That's all my progress, I'm not ready to solve this yet. Any help?

  • WHY??
    ```
    HTTP/1.1 401 Unauthorized
    Server: Microsoft-IIS/10.0
    Strict-Transport-Security: max-age=2592000
    WWW-Authenticate: Bearer error="invalid_token", error_description="The token has no expiration"
    X-Rate-Limit-Limit: 5m
    X-Rate-Limit-Remaining: 0
    X-Rate-Limit-Reset: 2020-11-27T15:06:50.5099306Z
    X-Powered-By: Sugar
    Date: Fri, 27 Nov 2020 15:03:46 GMT
    Connection: close
    Content-Length: 0
    ```

    Hack The Box

  • I have generated the valid token, where I can choose the food

    Hack The Box

  • Look at your error:
    The token has no expiration

    Hack The Box

  • Type your comment> @ryarnyah said:

    Look at your error:
    The token has no expiration

    yes I've seen but I don't know how to set a date

    Hack The Box

  • ok

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Server: Microsoft-IIS/10.0
    Strict-Transport-Security: max-age=2592000
    X-Rate-Limit-Limit: 5m
    X-Rate-Limit-Remaining: 5
    X-Rate-Limit-Reset: 2020-11-27T16:06:53.4910732Z
    X-Powered-By: Sugar
    Date: Fri, 27 Nov 2020 16:01:53 GMT
    Connection: close
    Content-Length: 43
    
    {"message":"Great cereal request!","id":17}
    

    Hack The Box

  • Type your comment> @ryarnyah said:

    Look at your error:
    The token has no expiration

    you have PM

    Hack The Box

  • Is there anyone who can give some hint (no spoiler please). I'm stuck for so long with **S & Restri**** to trigger my payload?

    Hack The Box

Sign In to comment.