Hi ! I got stuck in the final part (at least I think). I’m in front of many characters like of type ‘.’, ‘d’, ‘8’, ‘Y’, … I get this confused situation after do some things with a well known programming language.
Someone able to give me a little help ? Many thanks !
Just a little nudge, try other text editors maybe something with ++.
I managed to get some binary strings, but nothing that converts to anything that makes sense. I don’t even know if i’m on the right track. A nudge would be appreciated.
I just wanted to say how much I enjoyed this challenge. I even fell for the rabbit hole a bit, and it ended up being a great learning experience. Thank you.
Bruh need some help i got stuck at the banner.I dont understand first two letter it goes …1d0…PM me!! For the two word. I strech my terminal as i could still couldn’t figure out!!
I just wanted to say how much I enjoyed this challenge. I even fell for the rabbit hole a bit, and it ended up being a great learning experience. Thank you.
Bruh need some help i got stuck at the banner.I dont understand first two letter it goes …1d0…PM me!! For the two word. I strech my terminal as i could still couldn’t figure out!!
So I got the password for index.html and see the secret, but when I enter what looks to be a flag in the secret message into HTB I get “incorrect flag”. Am I missing something?
NVM. after refreshing the page it shows that I solved it.
Awesome challenge, i completely fell into that rabbit hole, learned a lot about crypto-js tho :')
I got another hint, if you are on a laptop with a putty terminal, set the font size to 7…
I still wasnt able to read it, after widening the terminal or zooming out.
Hey!
I tried the HELP HTB ,
here is my following recon:-
nmap -sA 10.10.10.121-> I go the all ports as unfiltered.
nmap -sSVC 10.10.10.121 →
I got three ports 22, 80 , 3000
I tried to enumerate 3000 port:- There I got Node.js Express Framework.
Then I google for Node.js Vulnerabilites and I got deserialization vulnerability for express framework .
But this vulnerability accepts profile parameter injection which is not in this case.
Also there is If_None-Matched parameter pass to request header. But that doesn’t seems
fruitful.
Is there anything that I’m missing.Kindly Help me out!