Grammar

Finally managed to solve this one, took me a good few hours…

For the second part of the challenge: Think about “how” types are declared, some need more than others… :wink:

Hint: when you try to do that think with that base64 sometimes for “random” reasons it fails. So my suggest is to try each attempt several times

Morning all, I managed to get to the last part, and according to what I’ve been reading and analyzing, my final step should work. It’s really a matter of using the right notation to get what you need, but I keep being unsuccessful (trying not to spoil anything here). Anyone available for PM?

Type your comment> @darkcyber said:

never mind, it was parameter problem. for anyone which get “What you are trying to do?” make sure just change third parameter.

Finally solved.

This comment did it for me, was a challenge but got there in the end!

If anyone is after hints, feel free to PM :slight_smile:

Hey i manged to pass the first step by using hints here but i didn’t realy understand why it works i will be happy if someone send me pm with explenation of the exploit

thankes a lot

@darkcyber said:

never mind, it was parameter problem. for anyone which get “What you are trying to do?” make sure just change third parameter.

Finally solved.

Just finished the challenge, didn’t take very long.
This comment was really helpful!

Stuck in first step with HTTP request, can someone PM?

EDIT: Forget it, I get the answer about request

Solve it :slight_smile:

Can anyone help with this challenge? I am now past the 1st stage, but not fully understanding what I need to do next.

EDIT: all done. Thanks @snuggles for your time.

I had so much fun with this one! I learned some new stuff, and even found out that ive been writing my PHP wrong for years @_@

Some fresh and lovely hint cakes:
-Dont dirb or gobuster, its a waste of time and resources.
-Try some standard web files names like /jINgleDEXter.php
-The POSTman is always a nice person, but dont GET him anything for christmas.
-Belching feels good, some might even call it sweet.
-Sometimes you have to repeat yourself.
-Glcrwhttyvat vf fhcre sha naq pbby, qb fbzr tbbtyva’ nobhg vg.
-Cookies are tasty, but sometimes you have to see whats in them first.

PM me if you need help!

Hi!
I’m stuck with the default php. I have tried many pages and none give me a cookie.

Update: I feel stupid, I’ve got access and I’m seeing what to do with the MAC

I feel lost on the final part of this challenge. I’ve read the slideshow from this thread and have fuzzed the applicable portion of the app. I’ve gotten the “what are you trying to do huh?” and “you’ve f*cked something up” responses.

I’ve also managed to get a single response for each username I’ve tried (I’m thinking username is irrelevant) in which there was NO message - only the form, but I don’t see anything resembling a flag or hinting where to go from there.

Would someone who has solved this please PM me? I don’t want to give too much away on this forum. I feel like I’m right on the brink here, but I don’t know the next move…

Ok, something is up. I got the flag (or I believe I did) but pasting it in the field gave me an incorrect flag. Here is a snippet, if someone can let me know if I’m correct that would be great.
well done! flag is: T---------------S
I suck at php so if you finished the challenge with a method other than type (removed this part for extra anti spoilz) or found a bug,please let me know.

LOL I’m such a muppet. Figured it out. Will leave this here that, if you get the above message, I can confirm it’s correct. Just format it :wink:

Ugh, that one was simple in retrospect (after reading the slides linked earlier here) but annoying to get right. I first spent way too much time trying to get the secret from the MAC using hashcat.

Hi guys. I found the flag but the site doesnt accept it. Is there something i need to add to it?
I’m quite new so probably i missed something.
Thanks!

I have the same problem. I’ve found the flag but the site is not recognizing it as a valid one.

well done! flag is: ***************

I only get :

Incorrect Flag
Try harder!

Okay…That was actually dumb. Just format the password… ( Hint same format as other challenges )

I know what to do for this, but i legitimately can’t seem to edit the cookie with burpsuite. Each time I try and resend the HTTP request, nothing happens.