Official Weather App Discussion

@Difrex said:
@vnv said:

I have requested POST to create a new account successful.

You don’t need a new account. Just look to existing. How do you do a POST request?

I exploit s#i via request /a*i/w*****r

I’m also stuck. Server stops for some reason when content type is changed. Any hint?

I am stuck at /a**/w****r
Tried to brute force on /l
n could not get anything there.
Can anyone please guide me in the right direction?
Thanks

[update-1]
I tried to read the code dump and found something interesting with /rr POST request.
I am still stuck at bypassing certain check, tried all X
******r header, anyone nudge in the correct direction please.

Finally, get the flag :))! I was on the right way. great challenge!

@vnv said:
I have requested POST to create a new account successful.
I am trying to exploit Si in r***er function but I am stuck here.
Am I on the right way? Can somebody give me a hint?

found the reason. good luck to everyone and more correct thoughts

can somebody pls give me a hint how is it possible to make a post?

Can do the POST but fight to combine all things so that they work - it would be nice if someone could give me a nudge for this

nvm - done

Read through the code. Think I know what to do with /r******r but it's not working. Am I missing something?

I finished… I think the challenge should be worth more than 30 points. Anyway, it’s a great one and I learned quite a bit. Thanks!

Can anyone please DM me any nudge? I’m stuck on the by**** and have successfully exploited the rest.

I have the weirdest issue. My payload works on my local Docker but not with the HTB online server.

I tracked it down to a console.log debug message I added to check out what’s going on. With it, it works. Without it, it doesn’t.

hui that thing brings me to my limit…
After a lot of days, I can now bypass the localhost check.

But now I do not find what to do, because only one query is allowed.
I would be very grateful for a little hint

I am stuck and I don’t know what to do next. Can someone DM me with a bunch of hints?

Finally got it! A nice challenge, learned a lot.

I’d not rate this as easy though, simply due to the many small things you need to do. But it might just be me who still has a lot to learn :tired_face:

DM me for hint (write what you’ve tried)

Code analysis proves that manipulating registration should give a flag, but I can’t find the correct poison. Am I on the right path??

Brute-forcing isn’t practical since encryption is way strong.
Should I just root the remote box to get the flag??

I am able to bypass localhost check, but the server always gives me parsing error. Can someone DM me for a hint?

Update: Done (check correct Content-Type)

I can’t find how to bypass localhost check, any hint?

@witer33 said:
I can’t find how to bypass localhost check, any hint?

use proxychains

Finally done! It was so frustrating to find a way to bypass the IP check. For all those who have no idea how to do the PT request, my advice is to read VERY carefully the j******t code and search online for well known vulnerabilities.

Feel free to DM me with what you have tried.