Official discussion thread for Weather App. Please do not post any spoilers or big hints.
Cool challenge so far! I think I found what i need to do, but I can’t figure out what to do to successful r******r. I’d highly appreciate a small hint or at least telling me if i am on the right track!
EDIT: Ok, for people distracted, don’t forget you can download files for this challenge.
Type your comment> @docluis said:
Cool challenge so far! I think I found what i need to do, but I can’t figure out what to do to successful r******r. I’d highly appreciate a small hint or at least telling me if i am on the right track!
I’m stuck at the “r******r” part, but from the code can see what the next step is.
Successfully get flag in local environment, but in remote environment, if s***p is caught, the server stops. Is there anything I’m overlooking?
Type your comment> @d1mihsp4ce said:
Successfully get flag in local environment, but in remote environment, if s***p is caught, the server stops. Is there anything I’m overlooking?
Im having the exact same issue, did you get there in the end?
It’s not a blocking query, it’s in asynchronous execution which means you’re not going to be able to cause delays or errors. That’s the point of that step.
I finally succeeded to solve it through my exploit.
I’m stuck at the rr part, but already got a flag in the local env. Is there any way to do a P request via a/******r method?
I have requested POST to create a new account successful.
I am trying to exploit Si in r***er function but I stuck here.
Am I on a right way? Somebody give me a hints?
Type your comment> @vnv said:
I have requested POST to create a new account successful.
You don’t need a new account. Just look to existing. How do you do a POST request?
Type your comment> @Difrex said:
Type your comment> @vnv said:
I have requested POST to create a new account successful.
You don’t need a new account. Just look to existing. How do you do a POST request?
@Difrex said:
Type your comment> @vnv said:I have requested POST to create a new account successful.
You don’t need a new account. Just look to existing. How do you do a POST request?
I exploit s#i via request /a*i/w*****r
I’m also stuck.Server stops for some reason when content type is changed. Any hint?
I am stuck at /a**/w****r
Tried to brute force on /ln could not get anything there.
Can anyone please guide me in the right direction?
Thanks
[update-1]
I tried to read the code dump and found something interested with /rr POST request.
I am still stuck at bypassing certain check, tried all X******r header, anyone nudge in the correct direction please.
Finally, get the flag :))! I was on the right way. great challenge!
@vnv said:
I have requested POST to create a new account successful.
I am trying to exploit Si in r***er function but I stuck here.
Am I on a right way? Somebody give me a hints?
found the reason. good luck to everyone and more correct thoughts
can somebody pls give me a hint how is it possible to make a post
?
Can do the POST
but fight to combine all things so that they work - it would be nice if someone could give me a nudge for this
nvm?♂️ - done
read through the code. think i know what to do with /r******r but its not working. Am i missing something?
I finished… I think the challenge should be worth more than 30 points. Anyway, It’s a great one and I learned quite a bit. Thanks!