[WEB] interdimensional internet

Opening the discussion on the new interdimensional internet!

Hm, haven’t got anything so far. Just a hash in the CSS tag. It seems irrelevant

Dirb didn’t get anything

The number seems to change every time

@PvtSec said:

The number seems to change every time

Read the HTML comments

I had a nice plate of COOKIES, but my FLASK wasn’t as full as I wanted; it was a thirsty SESSION. I hope I don’t BURP.

My brain hurts and this is a really tough challenge, but I’m learning a bunch. Oh jeez, having a bunch of, a buncha fun. Oh man.

@emmycat
Don’t drink too much or you’ll go BLIND.

Any way I can get a nudge for the final step from any of the few solvers out there? I just am not sure what’s possible besides a really slow and brutal way. I’ve tried other ways to overwrite other important things and tried to mess with a local thing, but I’m not succeeding.

Argh! How do you bypass the regex and Python 2.7’s restricted execution mode?

It’s even worse than that. Since _ is filtered, we can’t even reach system() through Python subclasses, as shown in:

Any idea, anyone?

Is the following error part of the challenge? I managed to create some recipes that would trigger the GFW locally, but probably because of the time issue I cannot reproduce it on the docker site… Also, any ideas on how to bypass the GFW?

OverflowError: timestamp out of range for platform time_t

I could do it 1 time, but when I try to encode the cookie again, it is not working. Please help me.

I can get RCE running it locally (sleep, print, etc) with no modifications to the k s** script, but because I built my local test setup using a different platform than the remote server my auth fails, and I don’t feel like setting up another platform for this. Not yet anyway, maybe if I get bored enough one day.

Hi, anyone facing the issue where things are working on their box and not on the docker instance, please make sure all your Python libs are up to date.

Need some help, please.
Is < type > the right way?
PM me, please

■■■ It was HARD!

@istivagyok some distros come with an outdated Flask library pre-installed, please make sure that the library itsdangerous is updated so that the cookie signing works.

Need some help with this challenge, PM me :)

Whoa, this one is hard. Any hints on how to process the forbidden (data)?

@rubenflush maybe take a look at encoding and try to ESCAPE the filter

I am able to bypass the firewall restrictions and I can execute some commands. I cannot recover the builtin functions though, because access to the globals attribute is not possible (Python restricted execution mode). Any hints here or via PM would be nice :)