[WEB] interdimensional internet

Edit: sorry, wrong topic, my bad

oh man this took me ages because of the slow af exfil…
can’t wait to go find some writeups and see if i just did it in a really stupid way lol
EDIT: yeah i wasted hours because of slow exfil ■■■■. there’s a much better way than acting blind

Woohaa got the flag! Learned a lot about python. Thanks @doxxos for the last push!

Is it possible to return a value from ***k? I would appreciate it if someone can explain this part to me in PM?

I found an EC() injection point, but the R*X is filtering basically everything that I can think of. Can someone inbox me a nudge for this stage?

Really enjoyable. Thanks to @seekorswim for the guidance.

Done

I saw many here posted that their exploit worked locally but not on the remote host. I’m facing the same issue. Any nudge would be appreciated :slight_smile:

@boris154 said:

> I saw many here posted that their exploit worked locally but not on the remote host. I’m facing the same issue. Any nudge would be appreciated :slight_smile:

Finally finished :slight_smile:
If anyone else gets stuck with that issue, don’t trust your local python (especially on kali), use docker to run it and then test your exploit.

Uff… I think I know a lot about it, but… I miss the most important thing! I can’t get the site to do even a simple operation! Should I forget cookies? :frowning:

Interesting challenge, learning a fair tad. Can anyone DM me to offer a nudge on the payload part?

This was a really tough but awesome challenge. Not sure why it is only worth 30 points, but had a lot of fun figuring out the bypass for local vs. remote :slight_smile:

I need a nudge on how I can get info from the server using a blind attack

Completed the challenge, anyone who needs help can ping me

well this is impossible on the r***x part, tried everything that was mentioned (encoding, using double) nothing worked, and for some reason there is no simple demonstration on the internet of how to work around this function. Might have to use some kind of bruteforce to find the answer… well it was fun until I got to this part lol

Really enjoyed this challenge. The biggest challenge was to bypass the ‘blind’ exfiltration and length restriction. Found a nice way to do both with one method. If you’ve already solved it, I’ll happily disclose my method. If not, think about other ways to send/receive data in an HTTP request/response

if anyone is struggling with the length there are shorter ways to reach the func to pull other helping hands. and in some cases, if your request-response doesn’t take more than a second you can basically sleep for the amount of time and then round() up in python to know the number instead of checking one by one. lastly, if something is toooooo big, look for other ways to reach it without mentioning it fully. you already have all the helping hands you need to exfil.

How the ■■■■ was that ■■■■ 30 points? Oh geez…
Feel free to PM for nudges

where is methods??? :confused:

Wow, that was very interesting and challenging. Congrats @makelaris, got a lot of fun here.

A few tips that could be handy:

  1. Try to understand how the application works, don’t submit payloads like crazy.
  2. Replicate locally. You need to do something with the payload to make it readable by the application. You can force some custom errors to see if it is working.
  3. Read about what you need and how to exploit it. Doing it locally is faster and effective.
  4. After that, you have to bypass some filters, that’s a bit tricky.
  5. Some commands might not work. I did it blindly but there are other options.

Anyways, PM if you are stuck.