Official Cereal Discussion

Official discussion thread for Cereal. Please do not post any spoilers or big hints.

«1

Comments

  • Spoiler Removed

  • good luck

  • this must be a record breaker (LOL) spoiler in the first comment !! @cool4coder what did you give away the IP address 🥴

  • I've been on this S'Mores cereal binge for awhile. It's like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It's da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.

  • Type your comment> @Zot said:

    I've been on this S'Mores cereal binge for awhile. It's like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It's da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.

    I just had a terrible, horrible thought. If somehow, I couldn't have cereal anymore, I'd be decerealized. gasp Then I'd probably get thrown into rehab. Get released into a group home. Have to go to cerealaholics anonymous meetings. I think I had a nightmare like that once.

  • Alright I think I know the exploit but I need the username and password for it to work. If anyone else has found out the exploit please tell me whether it is a rabbit hole or not!!
    (exploit is related to something sweet)

    image

  • "X-Powered-By: XXXXX"
    Yep, hard machine. That's all my progress, I'm not ready to solve this yet. Any help?

  • WHY??
    ```
    HTTP/1.1 401 Unauthorized
    Server: Microsoft-IIS/10.0
    Strict-Transport-Security: max-age=2592000
    WWW-Authenticate: Bearer error="invalid_token", error_description="The token has no expiration"
    X-Rate-Limit-Limit: 5m
    X-Rate-Limit-Remaining: 0
    X-Rate-Limit-Reset: 2020-11-27T15:06:50.5099306Z
    X-Powered-By: Sugar
    Date: Fri, 27 Nov 2020 15:03:46 GMT
    Connection: close
    Content-Length: 0
    ```

    Hack The Box

  • I have generated the valid token, where I can choose the food

    Hack The Box

  • Look at your error:
    The token has no expiration

    Hack The Box

  • Type your comment> @ryarnyah said:

    Look at your error:
    The token has no expiration

    yes I've seen but I don't know how to set a date

    Hack The Box

  • ok

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Server: Microsoft-IIS/10.0
    Strict-Transport-Security: max-age=2592000
    X-Rate-Limit-Limit: 5m
    X-Rate-Limit-Remaining: 5
    X-Rate-Limit-Reset: 2020-11-27T16:06:53.4910732Z
    X-Powered-By: Sugar
    Date: Fri, 27 Nov 2020 16:01:53 GMT
    Connection: close
    Content-Length: 43
    
    {"message":"Great cereal request!","id":17}
    

    Hack The Box

  • Type your comment> @ryarnyah said:

    Look at your error:
    The token has no expiration

    you have PM

    Hack The Box

  • Is there anyone who can give some hint (no spoiler please). I'm stuck for so long with **S & Restri**** to trigger my payload?

    Hack The Box

  • Generated a valid token and stuck at the GET part. Hints anyone?

  • Type your comment> @luca76 said:

    WHY??

    HTTP/1.1 401 Unauthorized
    Server: Microsoft-IIS/10.0
    Strict-Transport-Security: max-age=2592000
    WWW-Authenticate: Bearer error="invalid_token", error_description="The token has no expiration"
    X-Rate-Limit-Limit: 5m
    X-Rate-Limit-Remaining: 0
    X-Rate-Limit-Reset: 2020-11-27T15:06:50.5099306Z
    X-Powered-By: Sugar
    Date: Fri, 27 Nov 2020 15:03:46 GMT
    Connection: close
    Content-Length: 0
    

    because when you read the source code there is a whitelisting of IP.

  • Got user... i'm a dick...

    Hack The Box

  • guys can anyone help me to root? PM me

    Hack The Box

  • edited December 2020

    Could anyone give a hint on ip restrictions?

  • Even with a bypass for the ip restriction I still hit a 403. I must be missing something.

  • Can I message someone for a hint?

    Hack The Box

  • Can i get any hints i am stuck at building a valid token.

    Hack The Box
    If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • Stuck on 403s - any help would be greatly appreciated in DM.

  • @luca76 said:

    guys can anyone help me to root? PM me

    PM if you want, i'll help on root.

    'These violent delights have violent ends'

  • N0pN0p
    edited December 2020

    Type your comment> @Caracal said:

    @luca76 said:

    guys can anyone help me to root? PM me

    PM if you want, i'll help on root.

    thanks Bro, you have a PM :wink:

    Hack The Box

  • Anyone have hints for 403 Forbidden

  • Need a sanity check on deserialization. All works locally, but not on remote.

  • edited December 2020

    So, I'm pretty sure I know what to do. I can create cereals, but when I try to list or get them, the request simply times out (after I managed to get around the 403).
    Anyone an idea what I might be doing wrong, here?

    EDIT(h says):
    Seems like I forgot a newline. But now I can't get around the 403 (even though I added the respective (plus some more) headers) :/


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • edited December 2020

    I had some tips from someone who did this box, but they don't seem to work anymore. There is a field that is vulnerable to XSS (and yes I can get a response back to me). Tried to insert javascript with XMLHttpRequest to trigger my payload but without success. Who has some tips?

    And things that seems to works, does not work an other time. Sometimes it can take a while before I get a response.

Sign In to comment.