Official Weather App Discussion

Official discussion thread for Weather App. Please do not post any spoilers or big hints.

Comments

  • Cool challenge so far! I think I found what i need to do, but I can't figure out what to do to successful r******r. I'd highly appreciate a small hint or at least telling me if i am on the right track!

  • edited January 30

    EDIT: Ok, for people distracted, don't forget you can download files for this challenge.

  • Type your comment> @docluis said:

    Cool challenge so far! I think I found what i need to do, but I can't figure out what to do to successful r******r. I'd highly appreciate a small hint or at least telling me if i am on the right track!

    I'm stuck at the "r******r" part, but from the code can see what the next step is.

  • edited February 2

    Successfully get flag in local environment, but in remote environment, if s***p is caught, the server stops. Is there anything I'm overlooking?

  • Type your comment> @d1mihsp4ce said:

    Successfully get flag in local environment, but in remote environment, if s***p is caught, the server stops. Is there anything I'm overlooking?

    Im having the exact same issue, did you get there in the end?

    Hack The Box
    ~ Halpless Technoweenie ~

  • It's not a blocking query, it's in asynchronous execution which means you're not going to be able to cause delays or errors. That's the point of that step.

  • I finally succeeded to solve it through my exploit.

  • edited February 8

    I'm stuck at the r*****r part, but already got a flag in the local env. Is there any way to do a P*** request via a**/******r method?

  • vnvvnv
    edited February 16

    I have requested POST to create a new account successful.
    I am trying to exploit S**i in r*****er function but I stuck here.
    Am I on a right way? Somebody give me a hints?

  • Type your comment> @vnv said:

    I have requested POST to create a new account successful.

    You don't need a new account. Just look to existing. How do you do a POST request?

  • vnvvnv
    edited February 16

    Type your comment> @Difrex said:

    Type your comment> @vnv said:

    I have requested POST to create a new account successful.

    You don't need a new account. Just look to existing. How do you do a POST request?

    @Difrex said:
    Type your comment> @vnv said:

    I have requested POST to create a new account successful.

    You don't need a new account. Just look to existing. How do you do a POST request?

    I exploit s##i via request /a*i/w*****r

  • edited February 16

    I'm also stuck.Server stops for some reason when content type is changed. Any hint?

  • edited February 18

    I am stuck at /a**/w*******r
    Tried to brute force on /l***n could not get anything there.
    Can anyone please guide me in the right direction?
    Thanks

    [update-1]
    I tried to read the code dump and found something interested with /r******r POST request.
    I am still stuck at bypassing certain check, tried all X************r header, anyone nudge in the correct direction please.

    Hack The Box

  • vnvvnv
    edited February 21

    Finally, get the flag :))! I was on the right way. great challenge!

    @vnv said:
    I have requested POST to create a new account successful.
    I am trying to exploit S**i in r*****er function but I stuck here.
    Am I on a right way? Somebody give me a hints?

  • edited March 1

    found the reason. good luck to everyone and more correct thoughts

  • can somebody pls give me a hint how is it possible to make a post?

  • edited March 5

    Can do the POST but fight to combine all things so that they work - it would be nice if someone could give me a nudge for this

    nvm🤦‍♂️ - done

    an0nnnym0u
    Did I help you? Please return the favour and +1 respect me
    https://www.hackthebox.eu/home/users/profile/177580

  • edited March 5

    read through the code. think i know what to do with /r******r but its not working. Am i missing something?

  • I finished... I think the challenge should be worth more than 30 points. Anyway, It's a great one and I learned quite a bit. Thanks!

  • Can anyone please DM me any nudge? I'm stuck on the by**** and have successfully exploited the rest.

  • edited March 13

    I have the weirdest issue. My payload works on my local Docker but not with the HTB online server.

    I tracked it down to a console.log debug message i added to check out what's going on. With it, it works. Without it, it doesn't.

    lebutter
    eCPPT | OSCP

  • hui that thing brings me to my limit...
    After a lot of Days, I can now bypass the localhost check.

    But now I do not find what to do, because only one query is allowed.
    I would be very grateful for a little hint

  • edited March 29

    I have stuck and I don't know what to do next. Can someone DM me with a bunch of hints ?

  • Finally got it! A nice challenge, learned a lot.

    I'd not rate this as easy though, simply due to the many small things you need to do. But it might just be me who still have a lot to learn :tired_face:

    DM me for hint (write what you've tried)

  • Code analysis proves that manipulating registration should give a flag, but I can't find the correct poison. ***Am I on the right path??

    Brute-forcing isn't practical since encryption is way strong
    should I just root the remote box to get the flag??
  • edited April 4

    I am able to bypass localhost check, but the server always gives me parsing error. Can someone DM me for a hint?

    Update: Done (check correct Content-Type)

  • edited April 3

    I can't find how to bypass localhost check, any hint?

  • edited April 3

    --

  • @witer33 said:
    I can't find how to bypass localhost check, any hint?

    use proxychains

Sign In to comment.