ImageTok

Me and @makelarisjr had a blast developing this challenge, hope you like it! Have fun!

Nah… Amazing information asymmetry. Again <3

such a headache. at least i know it must be something really obscure, 24 hours after release still no blood
EDIT: well i got past one thing, but i have no idea what to do now. i would appreciate a nudge from someone :T

EDIT: holy ■■■■ what a ride! after days of working almost non stop, someone told me that the new download package with the docker files was available now and i spotted the thing i missed. only 10 hours later here i am :stuck_out_tongue:
mad respect for this box, man. i loved every second of it (even the painful bits)

Just finished, amazing challenge. Probably one of the most realistic challenges I’ve seen, nothing stands out as ‘Exploit me!’ until you look deep.

@clubby789 can you please tell me how to get started with this? It would be really helpful for me

Spoiler Removed

Spoiler? I did not post any spoilers.

Are files part of the challenge?

I’m completely new to Hack the box.
I’m trying the imagetok challenge.

I just wonder if the files that are available for download are a part of the challenge? or is it just for running the challenge locally?

I ask because I don’t want to find the solution from the source code if I’m not supposed to

@carmel said:

Are files part of the challenge?

I’m completely new to Hack the box.
I’m trying the imagetok challenge.

I just wonder if the files that are available for download are a part of the challenge? or is it just for running the challenge locally?

I ask because I don’t want to find the solution from the source code if I’m not supposed to

In general, everything provided by a challenge is also part of the challenge. All challenges are there to teach you some cool techniques, and sometimes to teach you basics. But they are definitely made to make you throw random stuff against a website (especially when the challenge is about a rather obscure, lesser-known technique). And that is why you often get some kind of hint: sometimes just a few words, sometimes the source code of (part of) the web application.

Anybody else getting weird error on the docker build script? "codeload.github.com bad address"

Is anyone able to give me a little bit of help with this challenge? I have been working on this for a while (and loving it!) and believe I have all of the pieces required (which are many!) and can prove them on my local Docker instance, but there are a couple of things I simply can’t find a way past. I’m either over-complicating it, or just missing something obvious. I’ve put so much time into this, and learnt so much, but I really want to finish it off. I’m happy to explain everything I’ve done, if someone is able to spare a few moments to help me. Anyone willing to DM?

Update - now finally solved after a couple of hints from a kind soul. Huge respect to @makelaris for such a fantastic challenge. Learnt a lot from this one.

@zauxzaux said:

Anybody else getting weird error on the docker build script? "codeload.github.com bad address"

I wasn’t able to build the docker image, it prints:

#9 13.95 config.status: executing depfiles commands
#9 14.11 config.status: error: in `/tmp/curl-7.70.0':
#9 14.11 config.status: error: Something went wrong bootstrapping makefile fragments
#9 14.11     for automatic dependency tracking.  If GNU make was not used, consider
#9 14.11     re-running the configure script with MAKE="gmake" (or whatever is
#9 14.11     necessary).  You can also try re-running configure with the
#9 14.11     '--disable-dependency-tracking' option to at least be able to build
#9 14.11     the package (albeit without support for automatic dependency tracking).
#9 14.11 See `config.log' for more details
------
executor failed running [/bin/sh -c wget https://curl.haxx.se/download/curl-7.70.0.tar.gz && tar xfz curl-7.70.0.tar.gz     && cd curl-7.70.0/ && ./configure --with-ssl     && make -j 16 && make install]: exit code: 1

I have also tried the suggestion to re-run configure with the --disable-dependency-tracking option, but still no luck.

If you are having trouble getting the docker image to compile, it seems like the problem is that the latest version of alpine doesn’t play nicely with this version of curl. Changing alpine:edge to alpine:latest on the first line made it work for me. I doubt it will make it unsolvable, but if someone who has done so can verify I would be grateful.

Update: Was able to solve it with the changed docker file, so have at.)

I tried to run the build_docker.sh, but i had the error message “Step 13/17 : COPY imagetok /www
COPY failed: file not found in build context or excluded by .dockerignore: stat imagetok: file does not exist”. The same error happened no matter alpine:edge or alpine:latest.

=========================
I managed to find out the mistake i made and resolved it. Now, the docker image is running. However, when i tried to access to the http://docker IP/, nothing could be displayed. Is it normal?

What’s the use of running the docker image? Without running the docker image, can we still exploit the challenge? (I’m sorry that this is my first time to work on a challenge.)

R we expecting to have a reverse shell from the instance and do privilege escalation to get the flag?

hi guys