Official breaking grad Discussion

Official discussion thread for breaking grad. Please do not post any spoilers or big hints.

Comments

  • First Comment :smiley:

  • Any hints, i'm just able to get "Pass" message

  • Stuck on passed right now

  • solved, nice challnge! If someone need help just PM me :smile:

    Arrexel

  • edited July 3

    also liked this challenge, thanks to the @makelarisjr and @makelaris for submitting.

  • Type your comment> @blackv0x45 said:

    Any hints, i'm just able to get "Pass" message

    Me too. Any help please?? Thanks

  • Also was able to get the 'Passed' message.

    Thinking in two different ways no, to get the flag content.
    1) Trying to do a bash injection, with the error you get when you call /d****/r**
    2) Passing a JS-function to the isO**** function.

    Am I on the right track?
    Any nudge would be helpful

  • azaaza
    edited July 18

    My IP got banned, am I on the right track?
    Edit:
    Looks like m****y l**k is a rabit hole, still going at it.

  • Any hint for this one? I'm no able to figure out how to progress with it.
    /debug commands seams to be rabbit holes, so I'm trying to exploit deserialization into JSON.stringify.

    I'm thinking that I wasn't able to get the conn back due to my local restrictions on my mobile internet connection, seems that the iPhone is not rutting from shared conn to computer on netcat commands.

    If someone can confirm to me that this is the correct path it will be appreciated.

    Thanks

    Reach me on Discord: n3b0r#2873

  • Thanks authors, I'm really enjoyed this one! Simple hint for the others: "Inheritance is the key".

  • edited September 10
    I think overwriting the __*****__ property is the right way, but i don't really get how to do it since every time i try to change it, it ends to merge it as a simple property and not as __*****__.
  • Type your comment> @p4w16 said:

    solved, nice challnge! If someone need help just PM me :smile:

    I'd love to receive some help, but HTB will not let me send messages until certain rank is achieved. Could anyone drop the hints here please?

  • "RangeError: Maximum call stack size exceeded" is that what i am supposed to get?

  • Hi! Could anyone help me with this task? I have some progress here, but need in some hint, Thanks a lot in advance

  • Any hint ? I think i know what part is exploitable but i have no idea how. I've read a lot about safe nodeJs code and i don't see anything that related to the tiny sample that's in this challenge...

    lebutter
    eCPPT | OSCP

  • Finally rooted it.

    1st, it's not a very common vulnerability.
    2nd, even knowing that vulnerability, there's still a lot of work and experimentation locally before you can pull it out, as there are a few things that make the exploitation not straight-forward.

    For those two reasons i think it is fairly hard, at least, a Machine with that to get foothold, who definitely not be ranked medium.

    lebutter
    eCPPT | OSCP

  • Finally rooted it!! I thoroughly enjoyed this challenge!!

    I definitely learned something about a vulnerability that I didn't know existed. I think this challenge is appropriately rated at Medium. Crafting the correct payload took longer for me than actually enumerating the instance, reading the source code, researching what I found, and learning about the vulnerability.

    Tips:

    • You have the source code. Learn as much as you can about how the application works. Google what you don't understand. It may lead you to the vulnerability.
    • Run the application in a local container and experiment with it to figure out what works and doesn't work. I personally use p*****n for testing APIs.

    As always, DM me if you need help or a nudge.

    zalpha
    OSCP | CISSP | CSSLP

    Respect always welcome if I can help you: https://www.hackthebox.eu/home/users/profile/140630

Sign In to comment.