@Eren said:
Can someone explain to me what tr -dc ‘a-zA-Z0-9’ means? I know it might have nothing to do with solving the challenge, but I just want to understand.
tr translates one set of characters to another set of characters. For example echo hackthebox | tr 'a-z' 'A-Z' would output HACKTHEBOX. The -d flag deletes a set of characters and the -c flag inverts the set so tr -dc 'a-zA-Z0-9' would delete any character that isn’t a letter or a number. For example echo 'h&ck+th3B%x' | tr -dc 'a-zA-Z0-9' would output hckth3Bx.
FWIW I didn’t need this to complete this challenge but it’s good one to know about. You can find out more with man tr.
@Eren said:
Can someone explain to me what tr -dc ‘a-zA-Z0-9’ means? I know it might have nothing to do with solving the challenge, but I just want to understand.
tr translates one set of characters to another set of characters. For example echo hackthebox | tr 'a-z' 'A-Z' would output HACKTHEBOX. The -d flag deletes a set of characters and the -c flag inverts the set so tr -dc 'a-zA-Z0-9' would delete any character that isn’t a letter or a number. For example echo 'h&ck+th3B%x' | tr -dc 'a-zA-Z0-9' would output hckth3Bx.
FWIW I didn’t need this to complete this challenge but it’s good one to know about. You can find out more with man tr.
Indeed, @Fugl post is a riddle in itself, at least for noobs like me, but after wasting hours in what turns out to be a dead end, it guided me towards the solution. Grade A comment.
hello, i know we need to upgrade our Low Floor Industrializer to a Really Cooperative Experience, but the cereal isnt working, any tips on how to make the cereal and uncereal work? i figured that i need to construct a suitable payload in the cookie :v
hello, i know we need to upgrade our Low Floor Industrializer to a Really Cooperative Experience, but the cereal isnt working, any tips on how to make the cereal and uncereal work? i figured that i need to construct a suitable payload in the cookie :v
No need to construct a payload in the cookie, you need to upgrade in a Toxic way
I just finished Toxic and I think the first half is pretty easy, I discovered the vuln pretty quickly and could read files like /etc/passwd etc…, but I could NOT figure out how to read the flag, which has a trailing random value. After much study and scrolling through the comments, I learned why this challenge is called Toxic (a synonym for another well know attack vector). So, when I thought I had it all figured out, it still no workie I had a Server 500 error when I changed some parameters of my payload.
I finally enlisted my inner Tier 1 support and restarted the target instance and BOOM, my thing worked and I got the flag. A mix of my n00bness + boned instance == time I wish I could get back! Cheers!
Poisonous? I have found the vuln and I am able to read stuff like etc/passwd and etc/hostname, but not the flag. Do I need to provide something like a file to upgrade to a Really Cooperative Experience?