good luck
this must be a record breaker (LOL) spoiler in the first comment !! @cool4coder what did you give away the IP address ?
lawlll
I’ve been on this S’Mores cereal binge for awhile. It’s like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It’s da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.
Type your comment> @Zot said:
I’ve been on this S’Mores cereal binge for awhile. It’s like, Cocoa Puffs, mixed with Golden Grahms, mixed with mashmallows. It’s da bomb. I still add a few spoonfulls of sugar. Cereal is powered by Sugar alright. Lol.
I just had a terrible, horrible thought. If somehow, I couldn’t have cereal anymore, I’d be decerealized. gasp Then I’d probably get thrown into rehab. Get released into a group home. Have to go to cerealaholics anonymous meetings. I think I had a nightmare like that once.
Alright I think I know the exploit but I need the username and password for it to work. If anyone else has found out the exploit please tell me whether it is a rabbit hole or not!!
(exploit is related to something sweet)
“X-Powered-By: XXXXX”
Yep, hard machine. That’s all my progress, I’m not ready to solve this yet. Any help?
WHY??
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=2592000
WWW-Authenticate: Bearer error="invalid_token", error_description="The token has no expiration"
X-Rate-Limit-Limit: 5m
X-Rate-Limit-Remaining: 0
X-Rate-Limit-Reset: 2020-11-27T15:06:50.5099306Z
X-Powered-By: Sugar
Date: Fri, 27 Nov 2020 15:03:46 GMT
Connection: close
Content-Length: 0
I have generated the valid token, where I can choose the food
Look at your error:
The token has no expiration
Type your comment> @ryarnyah said:
Look at your error:
The token has no expiration
yes I’ve seen but I don’t know how to set a date
ok
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=2592000
X-Rate-Limit-Limit: 5m
X-Rate-Limit-Remaining: 5
X-Rate-Limit-Reset: 2020-11-27T16:06:53.4910732Z
X-Powered-By: Sugar
Date: Fri, 27 Nov 2020 16:01:53 GMT
Connection: close
Content-Length: 43
{"message":"Great cereal request!","id":17}
Is there anyone who can give some hint (no spoiler please). I’m stuck for so long with S & Restri** to trigger my payload?
Generated a valid token and stuck at the GET part. Hints anyone?
Type your comment> @luca76 said:
WHY??
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=2592000 WWW-Authenticate: Bearer error="invalid_token", error_description="The token has no expiration" X-Rate-Limit-Limit: 5m X-Rate-Limit-Remaining: 0 X-Rate-Limit-Reset: 2020-11-27T15:06:50.5099306Z X-Powered-By: Sugar Date: Fri, 27 Nov 2020 15:03:46 GMT Connection: close Content-Length: 0
because when you read the source code there is a whitelisting of IP.
Got user… i’m a ■■■■…
guys can anyone help me to root? PM me
Could anyone give a hint on ip restrictions?
Even with a bypass for the ip restriction I still hit a 403. I must be missing something.