Official Weather App Discussion

Read through the code. Think I know what to do with /r******r but it’s not working. Am I missing something?

I finished… I think the challenge should be worth more than 30 points. Anyway, it’s a great one and I learned quite a bit. Thanks!

Can anyone please DM me any nudge? I’m stuck on the by**** and have successfully exploited the rest.

I have the weirdest issue. My payload works on my local Docker but not with the HTB online server.

I tracked it down to a console.log debug message I added to check out what’s going on. With it, it works. Without it, it doesn’t.

Hui, that thing brings me to my limit…
After a lot of days, I can now bypass the localhost check.

But now I do not find what to do, because only one query is allowed.
I would be very grateful for a little hint.

I am stuck and I don’t know what to do next. Can someone DM me with a bunch of hints?

Finally got it! A nice challenge, learned a lot.

I’d not rate this as easy though, simply due to the many small things you need to do. But it might just be me who still has a lot to learn :tired_face:

DM me for hint (write what you’ve tried)

Code analysis proves that manipulating registration should give a flag, but I can’t find the correct poison. ***Am I on the right path??

Brute-forcing isn’t practical since encryption is way strong.
Should I just root the remote box to get the flag??

I am able to bypass localhost check, but the server always gives me a parsing error. Can someone DM me for a hint?

Update: Done (check correct Content-Type)

I can’t find how to bypass localhost check, any hint?

@witer33 said:
I can’t find how to bypass localhost check, any hint?

use proxychains

Finally done! It was so frustrating to find a way to bypass IP check. For all those who have no idea how to do the PT request, my advice is to read VERY carefully the j******t code and search online for well known vulnerabilities.

Feel free to DM me with what you have tried.

I finally managed to finish this one. I wrote a python script that worked on my local container but didn’t work on the remote machine. I was going insane and decided to spin up a Linux VM and run the python script from there (I was using a Windows PC). It worked flawlessly from the VM, and I can’t figure out what is going on here.
For the record, the same Python version is running in both the PC and the VM (3.9.2), and I’m not reading any files, the full payload is inside the code.
Any insights on why this happens would be great!

Can someone help me bypass the registration part? I use burp to catch the post before it hits the server but don’t know how to modify my IP to get a successful registration. Something to do with the x-forwarded header?

I have successfully added my payload to the PT request and R***R is hit, but somehow the IP check always fails (remoteAddress == undefined). Can someone help me out?

Wow, that was rough. Finally starting to understand how it works. Pro tip: you only need to send requests, nothing with proxy chains etc

I finally got it. Thanks to all the hints in the thread! All you need is here…

@Difrex said:

I’m stuck at the rr part, but already got a flag in the local env. Is there any way to do a P request via a/******r method?

Use burp and see what parameters are being sent in that request to a**/******r. Then think about how you can use the “top 10” to exploit this.

Review the code, think like a programmer and see what should be “fixed”.
Then put all pieces together. Hope this helps. Good luck.

@witer33 said:
I can’t find how to bypass localhost check, any hint?

Look for the “top 10”