Longbottom misc challenge

13ยป

Comments

  • edited April 2019

    Just take a walk, eat some pickles (goes nice while watching old sketch comedy show) and insert the result to get the flag :)

    cyberus17l

  • hope this is not a spoiler. But OOOs are really 000, if you stuck at the end.

  • edited April 2019

    edit: wrong post.

  • A good challenge which took me a while. Also, I've never been a fan of Pickles in my burger.
    o || 0 || O
    Above three are all different

    Discord : secHaq#7121
    trigger

  • Just solved it...

    Damn Rabbits... LOL

    Happy to help if anyone needs a hint :)

  • Hey!
    I tried the HELP HTB ,
    here is my following recon:-
    nmap -sA 10.10.10.121-> I go the all ports as unfiltered.

    nmap -sSVC 10.10.10.121 ->
    I got three ports 22, 80 , 3000

    I tried to enumerate 3000 port:- There I got Node.js Express Framework.
    Then I google for Node.js Vulnerabilites and I got deserialization vulnerability for express framework .
    But this vulnerability accepts profile parameter injection which is not in this case.

    Also there is If_None-Matched parameter pass to request header. But that doesn't seems
    fruitful.

    Is there anything that I'm missing.Kindly Help me out!

  • edited June 2019

    This was quite fun, but at some point in the challenge, I got into a "Pickle" :)
    Please give me a shout if you need some hints or assistance!

  • That was a great challenge, but it has the potential of taking you forever with several rabbit-holes to fall into. Had a good laugh when it unraveled though.

    Online-search can give you the tools, but you still need to be creative for one step.

    Gordin
    Press F to give respect

  • Its Dill Compression

  • Type your comment> @VibhorBansal said:

    Hey!
    I tried the HELP HTB ,
    here is my following recon:-
    nmap -sA 10.10.10.121-> I go the all ports as unfiltered.

    nmap -sSVC 10.10.10.121 ->
    I got three ports 22, 80 , 3000

    I tried to enumerate 3000 port:- There I got Node.js Express Framework.
    Then I google for Node.js Vulnerabilites and I got deserialization vulnerability for express framework .
    But this vulnerability accepts profile parameter injection which is not in this case.

    Also there is If_None-Matched parameter pass to request header. But that doesn't seems
    fruitful.

    Is there anything that I'm missing.Kindly Help me out!

    wrong forum :|

  • Well, this one was kind of BS. I would have never found it without people here commenting about terminal width/zoom.

  • iv found the relish but the reptile keeps complaining.
    AttributeError: 'module' object has no attribute 'load'

    anyone able to help out, iv tried stackoverflow and so on, removed and added the culpret and so on, but no dice.

    -All hail the Potato-

  • Type your comment> @SecHaq said:

    A good challenge which took me a while. Also, I've never been a fan of Pickles in my burger.
    o || 0 || O
    Above three are all different

    haha this is a good hint ๐Ÿ˜๐Ÿ˜

  • Damn rabbit hole.
    if anyone need help PM me... ๐Ÿ˜๐Ÿ˜๐Ÿ˜๐Ÿ˜Š

    HAPPY TO HELP...!!!!

  • I liked this one. Would have been in a pickle if I hadn't read some of the hints on here though.

  • Hi folks im on the last step.. found the "PW" with the python2 thing ^^ (try to not hint anything very important :D) but what the hell should i do with these (888b...88blah) stuff.. am i just blind or do i miss something?

    PM me if you have some helping hint

    Krg s1ck0

  • This challenge killed me... However, now I know how to make my terminal startup look fancy... Thanks for all your hints.

    :tired_face:

    image

  • Amazing challenge! Thanks @felli0t

  • edited March 12

    Type your comment> @Frey said:

    Take your way into using binwalk also for some lets say specific file, there is also something better to see than the actual index.html

    @loln00b said:

    Google one of the strings you find in the text? Might not be the first or second line.. Some kind of compression is being used. Up to you to find out which one exactly

    These 2 comments were the best tips i could've gotten (i learned about binwalk now and also about next step to be used :D )
    Thank you very much @Frey and @loln00b tho' i feel like I cheated somehow because your 2 tips led me straight to the flag

    Hack The Box

    it ain't much but it's honest work

  • edited March 19

    i hate this flag, idk why dont accept the flag
    i write with "0" but not accept ? :angry:

    edit: that was not flag, i got it :blush:


    Hack The Box

    You can pm me on discord sh4d0wless#6154

  • I lost quite some time trying to crack the password ๐Ÿ˜œ Not done yet but fun so far

  • I wish there were a "CTFy" indicator for challenges like there is for boxes... personnaly i found this completely useless and a waste of time.

    lebutter
    eCPPT | OSCP

  • i'm PICKLE riiiick!

Sign In to comment.