Official Gunship Discussion

Official discussion thread for Gunship. Please do not post any spoilers or big hints.

Comments

  • OK so I have done this before and now I can't, what's changed can I get confirmation it has a changed vuln from when I first saw the challenge. Hard not to write a spoiler.
    ”No questions a stupid question”
  • *Spoiler Removed*
  • I suggest you to check the list of packages again.
  • edited September 5
    I would not rate this machine as "very easy", however it was good experience.

    If you are stuck - look at the source code, obviously. If you have found the matter of interest and the output is not what you expected, try to think out of the box. There are enough articles about what you looking for, however there is a little twist to it.

    Also, Burp is your friend.
  • Good day colleagues!

    I solved this box, it turned out to be quite interesting. I subscribe to the comment above. I can hint that you need to look closely at the source code and read that article on ast. A little patience and attention.
  • interesting box... "very easy" idk about that.

    I will say if you can google you can beat this box.. good stuff to learn!

    Tools you will need:
    Burp, Firefox, Google
  • Hey guys, I'm very new and I started this box because it's marked "very easy". I'm having an immense amount of difficulty with the last part. I don't want to spoil, but I'm really really stuck.

    I will be the first to admit, I'm in over my head. I have RCE, but I'm really stumped on what next. If I've given away too much, let me know. I would appreciate a pm with a nudge to help me finish.
  • Type your comment> @sickenxo said:
    > Hey guys, I'm very new and I started this box because it's marked "very easy". I'm having an immense amount of difficulty with the last part. I don't want to spoil, but I'm really really stuck.
    >
    > I will be the first to admit, I'm in over my head. I have RCE, but I'm really stumped on what next. If I've given away too much, let me know. I would appreciate a pm with a nudge to help me finish.

    If you have RCE, then u just need to read content from flag file in application folder
    It's basic stuff for any web challenge
  • Type your comment> @Mortido said:
    > If you have RCE, then u just need to read content from flag file in application folder
    > It's basic stuff for any web challenge

    Thanks for replying to me. I can't get a shell and I don't have the permissions to read certain files. Maybe my understanding of RCE is incorrect.

    It's really hard to explain my issue in detail as I don't want to spoil the box for anyone.
  • Ok.. I finally managed to do it. I would say that this was not very easy for me, but I learned so so so so much.

    The articles are accurate, but you cannot just blindly follow, you have to throw a spin in there at the end.

    I'm really happy to have completed this, I was definitely feeling a bit defeated by it.
  • is it possible that node version was upgraded and the vulnerability was patched? I can't seem to use the RCE vulnerability, I even tried to follow a writeup I found with the same vulnerability and it didn't work. what am I missing?
Sign In to comment.