Canape

To everyone stuck at their pickled payload not working when submitted to the site: try using a popular http library for the submission of your pickled code. Copy & pasting the payload from the terminal + bad url encoding fucks up the payload, with the mentioned library it worked flawlessly.

Great box, enjoyed it all the way through lol

Is anyone else receive Bad Request on check endpoint ??

NVM got it :slight_smile:

@bugzy said:
Is anyone else receive Bad Request on check endpoint ??

finally working :slight_smile:

Finally rooted. Feel free to PM me for vague nudges :wink:

rooted!
Need a nudge? PM!

Rooted :slight_smile:
Good and learn many new things
root and user was easy after getting first foothold :wink:

Lost getting the initial foothold. Anybody can give me a nudge??

if some gentle soul is willing to guide me through the cursed valley of the couchdb … I can already look inside but still lost where to look …
pls pm

I need some help for Grammar web challenge

This box was a school !
finally root conquered !

I am feeling stupid for not being able to get the initial foothold… anyone could PM me?

Hint on getting foothold: 1) yes it does require research, 2) common public approaches probably won’t work 3) but yes there is a public example out there 4) don’t copy and paste. If you need to copy and paste, base64 if your friend. 5) probably want to test locally 6) need to be able to read and understand the code

Owned. Great box all around. Thoroughly enjoyed it. Looking back, it’s not hard once you know the paths. Root is trivial. You’re main difficulties are entirely going to be getting user. Just keep at it. PM for hints.

If anyone can help with getting RCE, send me a PM. Been trying a lot of different things, but all have resulted in 500 errors.

@Grim120 said:
If anyone can help with getting RCE, send me a PM. Been trying a lot of different things, but all have resulted in 500 errors.

PM’d

Anyone mind taking a look at my exploit script, it worked ONCE in a test environment and then went back to triggering 500s. I must have tweaked something bone-headed and broke it.

Got RCE but i’m stuck on user privesc, got hash but can’t crack it. Can anyone PM for any hints please?

Any tips on the initial foothold? I’ve been studying both the DB found and how to “link” it somehow to the repository, still no clue at all. I’ve never had to deal with these. ■■■■, I don’t even know that’s the way.

Anyone free for me to quiz about exploiting this?