Official nginxatsu Discussion

Official discussion thread for nginxatsu. Please do not post any spoilers or big hints.

any hint??

sweet challenge!! I learned a lot. Its like a journey with Brain F*ck. Definitely worth atleast 75 points. Thanks @makelaris and @makelarisjr for the challenge.

Finally got it! After digging into a rabbit hole for a few days anyway haha. My hint: don’t feel like you need to go super deep into the filesystem to figure this out.

This was tough and so “TIME” consuming! Learned plenty of things from this one! Thanks @makelaris and @makelarisjr !

well, i feel like i’m stuck forever on this one here !!

hints plz

If anyone is willing to lend me a hint please do so in my DM been stuck for ages lol

I am stuck on the second phase.
I managed to perform the edit of a certain sweet thing.
I think i should perform a s*** on the only unprotected thing now.
I know how to generally blind it, but I can’t bypass those back-ticks.
I bet I am on the right path, but I can’t bypass that wrap().
Someone can help/send me hints, please?

I’m stucked second part, i found some blogs and cve but not work, nudges accepted.
Edit: btw solved.

I have coded what’s needed to talk to the app, and i know what to exploit… but am i dumb or S**M*p is unable to exploit it ?!