Official Intense Discussion

can anyone pm a hint me? im stuck at the R*E part

Type your comment> @justAhmed said:

So, I can read user flag but can’t get a proper shell. I Appreciate any hints on that

Same Here

Hi,

I think i’ve found the vuln in the source code for the foothold but can’t exploit it with success, can someone give me a nudge please ?

Anyone else had a problem with the self generated c*** and solved it? I tried it local the c*** is valid but the data is not correct, it should be adminaccount:adminhash but instead it is otheruser:adminhash

edit: Never mind, the solution was kind of easy.

@sparkla said:

Type your comment> @JMFL said:

Does anyone know what we can do with this?

/submit?setoption=q&option=allowed_ips&value=255.255.255.255

Were does this actually come from? One of the first things someone sent me without any explanation.

Either it is being shared as part of some other discussion on how to get a shell or people are googling for exploits on a particular platform or a medium article and hoping that it is relevant.

( I have no idea if it is relevant or not )

Having a headache reverse engineering the second part after the dot

EDIT: got it thank you @HomeSen

@k4u5h1k said:

Having a headache reverse engineering the second part after the dot

Not sure what you are trying to reverse engineer on the part behind the dot. You have the source, so you should be able to simply see what it is about.

Type your comment> @HomeSen said:

@k4u5h1k said:

Having a headache reverse engineering the second part after the dot

Not sure what you are trying to reverse engineer on the part behind the dot. You have the source, so you should be able to simply see what it is about.

But you can’t calc the 2nd part without knowing the value.

@ps9786 said:

@HomeSen said:

@k4u5h1k said:

Having a headache reverse engineering the second part after the dot

Not sure what you are trying to reverse engineer on the part behind the dot. You have the source, so you should be able to simply see what it is about.

But you can’t calc the 2nd part without knowing the value.

Well, that’s the actual challenge. Looking at how it is constructed, there is a way to “bypass” it :wink:

First Hard box im trying, and need some help. can someone pm please? :blush:

Got root.
Thank you @sokafr for such a nice box. Enjoyed analyzing python code.

@dayld congratz ! I’m glad you enjoyed it :slight_smile:

I’m stuck, I’ve managed to get a hash, but I can’t crack it. Can anyone give me any clues?

Rooted!!
The root and user part are quite different than the usual machines.

HInts:

For user part, you’ll find something vulnerable at webapp, use that and read the zip file very carefully …all you need is in those scripts, there is an attack that is unheard of…gotta make your own script .
For root part, sometimes when you can’t get to the other end of a river through a bridge, then maybe you could make a tunnel with your B*F weapons.

I hope i have not spoiled anything!! Feel free to pm me…

@CyberVaca said:
I’m stuck, I’ve managed to get a hash, but I can’t crack it. Can anyone give me any clues?

You don’t need to crack it. Look into other attacks against cryptographic hashes.

Type your comment> @metuldann said:

@CyberVaca said:
I’m stuck, I’ve managed to get a hash, but I can’t crack it. Can anyone give me any clues?

You don’t need to crack it. Look into other attacks against cryptographic hashes.

@metuldann said:

@CyberVaca said:
I’m stuck, I’ve managed to get a hash, but I can’t crack it. Can anyone give me any clues?

You don’t need to crack it. Look into other attacks against cryptographic hashes.

Ok, thx u. :wink:

Spoiler Removed

Spoiler Removed

Type your comment> @k4u5h1k said:

Type your comment> @WhosYourPaPa said:

i stuck at how can execute two Sqlite SQL. the sqlite execute mehod only can be execute one sql. it’s a rabbt hole? i tried using google , but not get any good result.

use CASE

nice, i scccessful executed sql. thanks.

Spoiler Removed