Official petpet rcbee Discussion

Official discussion thread for petpet rcbee. Please do not post any spoilers or big hints.

■■■ how cute!!!

The first part is too easy though

Edit: Stupid me…Not the way I thought…But its right there just do the right search…If you know the way you really don’t what that search too…

For some reason I ignore, I was trying with the docker image but it was not working… So I tried to spawn an instance and it worked !!! Maybe it will help someone… Nice challenge…

Well…now I know what a “petpet meme” is…I’m getting old…haha! Great challenge! Should be pretty easy to get going in the right direction, but feel free to PM me for a nudge. :slight_smile:

Nice challenge! Initially I didn’t notice the zip attachment and wasted some time trying different approaches, but after that things went much easier. Everything you need to know to get the flag it is in the source code, just read it.

Was fun, but didn’t manage to get a reverse shell, so I had to exfiltrate the flag directly. If anyone got a reverse shell and wants to share it with me, it would be great :slight_smile:

Just got the flag after a lot of trial and error. Can someone please DM me how I was supposed to know which exploit to look for? Was there a hint in the source code somewhere? I can’t imagine just trying 20 different image RCE techniques was the correct path. Given the number of easy ratings on this I’m guessing I missed something. Cheers.

any nudge?

Typically they set these up so that the box can’t get out to the internet, so there is no way to get a reverse shell

Cute challenge :slight_smile: Provided me with something new that I definitely want to keep in my toolbox now

I just finished this one. Definitely read the src code and while running this app in a local container is not really necessary, reading the dockerfile is :slight_smile:

Happy hunting.

Hi Team,

I lunched docker locally and I was able to get the flag. Same thing doesn’t work on HTB.

Am I doing something wrong?

Thanks,
T.

Same thing just happened to me. Works in docker, just hangs on HTB. Did you figure it out?

Very easy, just google, copy past, change command and thats all.

Can someone help me with some soft hints? I’ve found the CVE but I have no success when I try to trigger RCE.

Hi everyone.

I get a error 400 when trying to upload, both on docker and the htb instance. Is this part of the challenge? I suspect something broke.

Some tips for this machine and others:

  • Read every file of the source code, make sure you are understanding what is happening how where and using which technologies.
  • Take a note of the programming language, libraries, frameworks and their respective versions in the source code that is provided
  • If the flag is on the system file (as supposed to in the database), you need to go beyond and execute code on the system. Trace all the ways that user input (fields, files, cookies, page name, file name,…) travel thorough the application and highlight any serious action that application makes (save/delete/update/query file, database, image, xml, json, etc…
  • Search the web for the name of the libraries and their version + exploit/vulnerability until you find something useful.
  • If you are facing encoding/upload/formatting/networking issues, run the docker locally and hard code parameters until you get a working exploit and then go backwards until you solve all the intermediate problems.

Don’t give up because the flag is probably closer to you than you think!!!