Longbottom misc challenge

Just solved it…

■■■■ Rabbits… LOL

Happy to help if anyone needs a hint :slight_smile:

Hey!
I tried the HELP HTB,
here is my recon:
nmap -sA 10.10.10.121 -> I got all the ports as unfiltered.

nmap -sSVC 10.10.10.121 →
I got three ports: 22, 80, 3000

I tried to enumerate port 3000: there I got the Node.js Express framework.
Then I googled for Node.js vulnerabilities and I got a deserialization vulnerability for the Express framework.
But this vulnerability accepts profile parameter injection, which is not the case here.

Also there is an If_None-Matched parameter passed in the request header. But that doesn’t seem
fruitful.

Is there anything that I’m missing? Kindly help me out!

This was quite fun, but at some point in the challenge, I got into a “Pickle” :slight_smile:
Please give me a shout if you need some hints or assistance!

That was a great challenge, but it has the potential of taking you forever with several rabbit-holes to fall into. Had a good laugh when it unraveled though.

Online-search can give you the tools, but you still need to be creative for one step.

It’s Dill Compression

@VibhorBansal said:

Hey!
I tried the HELP HTB,
here is my recon:
nmap -sA 10.10.10.121 -> I got all the ports as unfiltered.

nmap -sSVC 10.10.10.121 →
I got three ports: 22, 80, 3000

I tried to enumerate port 3000: there I got the Node.js Express framework.
Then I googled for Node.js vulnerabilities and I got a deserialization vulnerability for the Express framework.
But this vulnerability accepts profile parameter injection, which is not the case here.

Also there is an If_None-Matched parameter passed in the request header. But that doesn’t seem
fruitful.

Is there anything that I’m missing? Kindly help me out!

wrong forum :expressionless:

Well, this one was kind of BS. I would have never found it without people here commenting about terminal width/zoom.

I’ve found the relish but the reptile keeps complaining.
AttributeError: ‘module’ object has no attribute ‘load’

Anyone able to help out? I’ve tried Stack Overflow and so on, removed and added the culprit and so on, but no dice.

@SecHaq said:

A good challenge which took me a while. Also, I’ve never been a fan of Pickles in my burger.
o || 0 || O
Above three are all different

haha this is a good hint

■■■■ rabbit hole.
If anyone needs help PM me…

HAPPY TO HELP…!!!

I liked this one. Would have been in a pickle if I hadn’t read some of the hints on here though.

Hi folks, I’m on the last step… found the “PW” with the python2 thing ^^ (trying not to hint anything very important :D) but what the ■■■■ should I do with this (888b…88blah) stuff… am I just blind or am I missing something?

PM me if you have some helping hint

Krg s1ck0

This challenge killed me… However, now I know how to make my terminal startup look fancy… Thanks for all your hints.

:tired_face:

Amazing challenge! Thanks @felli0t

@Frey said:

Take your way into using binwalk also for some lets say specific file, there is also something better to see than the actual index.html

@loln00b said:

Google one of the strings you find in the text? Might not be the first or second line… Some kind of compression is being used. Up to you to find out which one exactly

These 2 comments were the best tips I could’ve gotten (I learned about binwalk now and also about the next step to be used :smiley: )
Thank you very much @Frey and @loln00b, though I feel like I cheated somehow because your 2 tips led me straight to the flag

I hate this flag, idk why it doesn’t accept the flag
I write it with “0” but it’s not accepted? :angry:

edit: that was not the flag, I got it :blush:

I lost quite some time trying to crack the password. Not done yet but fun so far

I wish there were a “CTFy” indicator for challenges like there is for boxes… personally I found this completely useless and a waste of time.

I’m PICKLE riiiick!

After figuring out whether I like pickles or not, I get data in a list that I have no idea how to interpret or what to do with it, I feel close but it still resists…could anybody please give a hint?