AI

Got user!

Tips: If something isn’t recognized the way you want it to be, try combining payloads from different sources to get what you want!

Thanks to @MrR3boot for the awesome box (although I haven’t finished yet)!

PM for help

@mA1nfrAm3r said:
Got user!

Tips: If something isn’t recognized the way you want it to be, try combining payloads from different sources to get what you want!

Thanks to @MrR3boot for the awesome box (although I haven’t finished yet)!

PM for help

My pleasure mate :slight_smile:

I think I’m on the edge of root, but the exploit seems unstable.

Edit: Rooted. Took a while to run but it worked eventually.

I got user. Now trying for root.
I found a m*bo user, dunno if impersonating is the right path…

Got user last night and root just now :smiley:

Overall an awesome box.

If you need a nudge in the right direction PM me here or @MNA_sec

User part is funny. A little annoying once you figured out how to do the injection and test the payload but really fun. Thanks @MrR3boot

Rooted!
User part was cool and fun!
Root a bit frustrating, you must enumerate quite well.

Hmm totally stuck on init foothold, how are people getting AI to recognize any symbols/punctuations besides the ones on i********e.p, I only have words so far.
or if this is not even needed to get the required info out of the q
y page

@Vfocfz said:

I just need to know if I am on the right track: after playing a little bit with the WAF, I triggered a *QL error

same

@zkvo said:

Hmm totally stuck on init foothold, how are people getting AI to recognize any symbols/punctuations besides the ones on i********e.p, I only have words so far.
or if this is not even needed to get the required info out of the q
y page

Pay attention to what is said on i*********e.**p and do some googlefu

@salute101 said:
@Vfocfz said:

I just need to know if I am on the right track: after playing a little bit with the WAF, I triggered a *QL error

same

yes

@zkvo said:

Hmm totally stuck on init foothold, how are people getting AI to recognize any symbols/punctuations besides the ones on i********e.p, I only have words so far.
or if this is not even needed to get the required info out of the q
y page

On that page, there’s one big hint at the bottom.

Hints:

  • Initial enumeration:
    There’s a page that isn’t linked to that you need to find. Look up the things it references, it’ll really help later.
  • User:
    I guessed some common values here and it worked, there may be a more concrete method.
  • Root:
    Enumerate running processes. Once you find your method, wait. It may take a few minutes to work.

When uploading empty files I get “Our understanding…”; with WAV files containing simple words (not even trying advanced queries from the intel* table) I don’t get anything at all, and most of the time the POST times out. Am I using the wrong format (16bit / mono / 8kHz)? Is it a cheap way to make this box difficult? I tried different TTS software, this thing just doesn’t work.

Thank you to @0PT1MUS for the hints provided.

My hints for user:

1º You can use TTS, or record yourself with a mic. There are different online TTS services available, but only one worked for me in the end. I would share the name, but apparently it was considered a spoiler on the first page.

As a hint, there’s one demo available by one company Steve Jobs didn’t like that will help you.

2º Enumerate in order to get additional information about the kind of queries you can perform. Don’t forget to pay attention to the references within that page.

3º There’s one word you need that might be split in two after being parsed by the AI. You can either record the word yourself, or replace the R with “her”.

I like the concept of the box, but I struggled with the TTS.

Let’s see about root.

After uploading the WAV file I got the error we’re looking for, but I can’t do any other Q**** because the text-speech translates them the wrong way

I tried AWS Polly without success, totally misunderstood