[WEB] interdimensional internet

I need a nudge on how I can get info from the server using a blind attack

Completed the challenge, anyone who needs help can ping me

well this is impossible on the r***x part, tried everything that was mentioned (encoding, using double) nothing worked, and for some reason there is no simple demonstration on the internet of how to work around this function. Might have to use some kind of bruteforce to find the answer… well it was fun until I got to this part lol

Really enjoyed this challenge. The biggest challenge was to bypass the ‘blind’ exfiltration and length restriction. Found a nice way to do both with one method. If you’ve already solved it, I’ll happily disclose my method. If not, think about other ways to send/receive data in an HTTP request/response

if anyone is struggling with the length there are shorter ways to reach the func to pull other helping hands. and in some cases, if your request-response doesn’t take more than a second you can basically sleep for the amount of time and then round() up in python to know the number instead of checking one by one. lastly, if something is toooooo big, look for other ways to reach it without mentioning it fully. you already have all the helping hands you need to exfil.

How the ■■■■ was that ■■■■ 30 points? Oh geez…
Feel free to PM for nudges

where is methods??? :confused:

Wow, that was very interesting and challenging. Congrats @makelaris , got a lot of fun here.

A few tips that could be handy:

  1. Try to understand how the application works, don’t submit payloads like crazy.
  2. Replicate locally. You need to do something with the payload to make it readable by the application. You can force some custom errors to see if it is working.
  3. Read about what you need and how to exploit it. Doing locally is faster and effective.
  4. After that, you have to bypass some filters, that’s a bit tricky.
  5. Some commands might not work. I did it blindly but there are other options.

Anyways, PM if you are stuck.

Finally cleared it today. This challenge is not done just by the 30 points you get for it. Just saying.

Super cool challenge, you’ll learn so much during this challenge… PM for hints

Hi! I’m stuck, my payload is working fine locally but not working on the real server. Thanks in advance!!

Done! The challenge was really made to benchmark your performance of brain XD. Thanks @makelaris

Few tips from my side are:

  • Focus more on debugging the source (to understand all the little bits)
  • For attack, you have to really think how your snake ? bytes
  • Take things nice and slow for the victim to sleep

That’s all, if you still want a nudge then I am just a PM away. Good Luck!

Posted this in the wrong place, would appreciate this be deleted if a mod stumbles across.

Need a nudge. I am stuck in this challenge. I am not very good at coding. I understand the code. Can anybody help me? I have written some code, and when I used it I am getting this error.

Method Not Allowed

The method is not allowed for the requested URL.

Woo… this flag is so ■■■■ long :slight_smile:

I was scared of this one cuz so many people rated it brainfuck, but it’s not really any harder than the other 30 and 40 point challenges. Tons of examples on google of what to do, the hardest part for me was getting past the filter. Also, you aren’t blind when you put things in, so there’s no reason to lose your eyesight to get things out.

Stuck on the challenge for 3 days, please DM me for a nudge. I am wondering how I can get info from the server, either blindly or remotely.

Hello everyone, please tell me how to bypass regex [‘[’, ‘(’, ‘_’, ‘.’].

I would also like a nudge about bypassing the regex ^
Also, did the challenge change at some point, because older posts are talking about POST data, while it looks like changing session cookies to me