Grammar

@mrschyte said:
Spoiler Removed - Arrexel

Thanks! I didn’t exploit this issue yet, it will be a great experience.

Still cannot figure out what to do with this challenge :frowning: According to r2d2, I have to bruteforce directories from the default PHP configuration which is not at /. I tried to brute force using dirb directories without any fruitful information. Can anybody guide me to get my foot in front of the door? Thanks :tired_face:

@Linoge said:
Still cannot figure out what to do with this challenge :frowning: According to r2d2, I have to bruteforce directories from the default PHP configuration which is not at /. I tried to brute force using dirb directories without any fruitful information. Can anybody guide me to get my foot in front of the door? Thanks :tired_face:

You don’t need to brute force anything. You’ll need to send a specific type of HTTP request to the default PHP page in order to get to the next step of the challenge.

Watch the video.

I feel like I have been stuck halfway through this challenge for going on 4 days now. I have the cookie, tried decode/encode, made every form of request I can think of, and I’m not making any headway. Clearly I am overthinking something here. Any clues as to what I should be focusing on?

Think m0re!

HMAC, am I on the right track?

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

This is my first post, I’m still stuck on getting past/finding the correct page that’s not a 403 error…
Someone stated it’s not brute forced and you need to send a special HTTP request… I’m totally lost here. I tried dirb at index.php and a few other content discovery techniques with no luck… I watched the video too, no help there except lots of buzzwords causing me confusion…

Help would be greatly appreciated, or message me. Thanks,

Can anyone DM me?
I know everything except how to alter the sig hash, btw I tested if it’s vuln to some PHP unsafe comparisons.

Spoiler Removed - Arrexel

I do have the same issue as slawill. I don’t know how to abuse the juggling vulnerability. I tried using names to get something “zero-like” on the MAC, but I don’t think this is the right way, is it? Can someone push me in the right direction? Please DM me or answer here.

Someone that can help me out? Pls PM

@slawill said:
Spoiler Removed - Arrexel

I’m stuck in the same place, does anyone have any suggestions on how to continue?

@0zcool said:
This is my first post, I’m still stuck on getting past/finding the correct page that’s not a 403 error…
Someone stated it’s not brute forced and you need to send a special HTTP request… I’m totally lost here. I tried dirb at index.php and a few other content discovery techniques with no luck… I watched the video too, no help there except lots of buzzwords causing me confusion…

Help would be greatly appreciated, or message me. Thanks,

Me too, stuck here!!! It’s my third day on this… need help pls

Spoiler Removed - Arrexel

Just a feeling that I’m closing in on solving this challenge…
“what are you trying to do huh?” Got this shitty response…
Can someone PM me and give me some clue/hint to kick off some ideas?

This is a helpful guide from OWASP about PHP Type Juggling.

NVM just got the flag hahah

 well done! flag is: **************

@spade said:
NVM just got the flag hahah

 well done! flag is: **************

Way to go!