Thanks for sharing. My Google-fu probably failed me on finding those, and I was already about to try debugging without those (which caused quite some headache )
Does anyone know, if and when a badge will be released for this machine? I mean, it went live almost 5 months ago
Fun fact about this box - because it is so hard, we can be 100% certain that no more than 34 people have made it to Omniscient rank on HTB since 27 June 2020.
I really feel that getting to 100% ownership is orders of magnitude harder than it was merely 12 months ago. The knock-on effect is that Guru and Elite Hacker are also a lot harder (because getting to 90% ownership when a box and a challenge change every week is painful).
Hopefully this will be taken on-board by the hiring managers, recruiters etc., who seem to be using HTB ranks as a hiring/promotion rule.
I’ve probably missed something obvious for the initial foothold. I’ve spotted the vuln in the repo and know the general direction to exploit it. The only problem is it’s a client-side vuln. How exactly am I supposed to obtain an RCE from it?