Grammar

watch the video

I feel like I have been stuck halfway through this challenge for going on 4 days now. I have the cookie, tried decode/encode, made every form of request I can think of and I’m not making any headway. Clearly I am overthinking something here. Any clues as to what I should be focusing on?

think m0re !

HMAC, am I on the right track?

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

This is my first post, I’m still stuck on getting past/finding the correct page that’s not a 403 error…
Someone stated it’s not brute forced and you need to send a special HTTP request… I’m totally lost here. I tried dirb at index.php and a few other content discovery techniques with no luck… I watched the video too, no help there except lots of buzzwords causing me confusion…

Help would be greatly appreciated, or message me. Thanks,

Can anyone DM me?
I know everything except how to alter the sig hash. BTW, I tested if it’s vuln to some PHP unsafe comparisons

Spoiler Removed - Arrexel

I do have the same issue as slawill. I don’t know how to abuse the juggling vulnerability. I tried using names to get something “zero-like” on the MAC, but I don’t think this is the right way, is it? Can someone push me in the right direction? Please DM me or answer here.

Someone that can help me out? Pls PM

@slawill said:
Spoiler Removed - Arrexel

I’m stuck in the same place, does anyone have any suggestions on how to continue?

@0zcool said:
This is my first post, I’m still stuck on getting past/finding the correct page that’s not a 403 error…
Someone stated it’s not brute forced and you need to send a special HTTP request… I’m totally lost here. I tried dirb at index.php and a few other content discovery techniques with no luck… I watched the video too, no help there except lots of buzzwords causing me confusion…

Help would be greatly appreciated, or message me. Thanks,

Me too, stuck here!!! It’s my third day on this… need help pls

Spoiler Removed - Arrexel

Just a feeling that I’m closing in on solving this challenge…
what are you trying to do huh? Got this shitty response…
Can someone PM me and give me some clue/hint to kick off some ideas?

This is a helpful guide from OWASP about PHP Type Juggling

NVM just got the flag hahah

 well done! flag is: **************

@spade said:
NVM just got the flag hahah

 well done! flag is: **************

Way to go!

thank you @n3tc4t … could’ve done it w/out your help :smiley:

@n3tc4t I know about the PHP Type Juggling but I tested every possible input… Even arrays and null… Can you PM me with a hint?

@n3tc4t same for me :wink: