Hey!
I tried the HELP HTB,
here is my recon:
nmap -sA 10.10.10.121 -> I got all the ports as unfiltered.
nmap -sSVC 10.10.10.121 -> I got three ports: 22, 80, 3000
I tried to enumerate port 3000: there I got the Node.js Express framework.
Then I googled for Node.js vulnerabilities and I got a deserialization vulnerability for the Express framework.
But this vulnerability accepts profile parameter injection, which is not the case here.
Also there is an If_None-Matched parameter passed in the request header. But that doesn't seem fruitful.
Is there anything that I'm missing? Kindly help me out!
That was a great challenge, but it has the potential of taking you forever with several rabbit-holes to fall into. Had a good laugh when it unraveled though.
Online-search can give you the tools, but you still need to be creative for one step.
Hi folks, I'm on the last step.. found the "PW" with the python2 thing ^^ (trying not to hint anything very important) but what the hell should I do with this (888b...88blah) stuff.. am I just blind or do I miss something?
Google one of the strings you find in the text? Might not be the first or second line.. Some kind of compression is being used. Up to you to find out which one exactly
These 2 comments were the best tips I could've gotten (I learned about binwalk now and also about the next step to be used)
Thank you very much @Frey and @loln00b, tho' I feel like I cheated somehow because your 2 tips led me straight to the flag
After figuring out whether I like pickles or not, I get data in a list that I have no idea how to interpret or what to do with it, I feel close but it still resists...could anybody please give a hint?
Just take a walk, eat some pickles (goes nice while watching old sketch comedy show) and insert the result to get the flag
Hope this is not a spoiler. But OOOs are really 000, if you are stuck at the end.
edit: wrong post.
A good challenge which took me a while. Also, I've never been a fan of Pickles in my burger.
o || 0 || O
Above three are all different
Discord : secHaq#7121

Just solved it...
Damn Rabbits... LOL
Happy to help if anyone needs a hint
This was quite fun, but at some point in the challenge, I got into a "Pickle"
Please give me a shout if you need some hints or assistance!
Press F to give respect
It's Dill Compression
wrong forum
Well, this one was kind of BS. I would have never found it without people here commenting about terminal width/zoom.
I've found the relish but the reptile keeps complaining.
AttributeError: 'module' object has no attribute 'load'
Anyone able to help out? I've tried stackoverflow and so on, removed and added the culprit and so on, but no dice.
-All hail the Potato-
haha this is a good hint
Damn rabbit hole.
If anyone needs help, PM me...
HAPPY TO HELP...!!!!
I liked this one. Would have been in a pickle if I hadn't read some of the hints on here though.
PM me if you have some helping hint
Krg s1ck0
This challenge killed me... However, now I know how to make my terminal startup look fancy... Thanks for all your hints.
Amazing challenge! Thanks @felli0t
it ain't much but it's honest work
I hate this flag, idk why it doesn't accept the flag
I write with "0" but it's not accepted?
edit: that was not the flag, I got it
You can pm me on discord sh4d0wless#6154
I lost quite some time trying to crack the password. Not done yet but fun so far
I wish there were a "CTFy" indicator for challenges like there is for boxes... personally I found this completely useless and a waste of time.
eCPPT | OSCP
i'm PICKLE riiiick!