Official dynstr Discussion

was able to set sbd***n but now stuck?

I think the problem is that there is not much documentation on the vulnerability, and we can only read through the documentation on the API to try to figure out what's there to be done. It's seriously a super hard box for medium.

read documentation → rce. but stuck. any nudge?

I managed to in&&ct my H&&t na/e

But stuck and don’t really know what to do next!
Any hint is appreciated

Maybe Ds hij**kig?

I am stuck. I think that to get user or wwdata I need to go on /ni*/udt*? But I tried so many forms to join but always get bdut*, any hints?

Got shell :coffee:

Can someone nudge me on how to set up the *** so I can go and *** into the box as *******? Sorry if there’s any spoiler in this comment. Been googling for the correct setup but still a no go now.

Any hint for foothold? I've been bruteforcing subdomains but got nothing.

@jlpung said:

> I think the problem is that there is not much documentation on the vulnerability, and we can only read through the documentation on the API to try to figure out what's there to be done. It's seriously a super hard box for medium.

finally rooted! EDIT!

@esmyl yup got it finally! hahas

Can anybody give me a nudge? been stuck for a few hours already

@bgokjh said:

> Can anybody give me a nudge? been stuck for a few hours already

Same here. Got a CVE… but there is very little info on the same. A nudge on foothold will be much appreciated.

Great box! Rooted it. If anyone needs a hint, just let me know!

Spoiler Removed

To the 5 people who insta-pm’d asking for foothold hints… I would typically wait until it was out of release-arena… but - you are given most of what you need on the web-page, treat the REST as you would pen-testing any other API, don’t overthink it.

I am having problems with connecting to the RA VPN…Any help??

@malc said:

Yup - nice box. I found at least 2 ways to root-flag… would be interested to know which of them @jkr intended

root@dynstr:~# hostname ; id
dynstr.dyna.htb
uid=0(root) gid=0(root) groups=0(root)

It's the shell one :slight_smile: I think the other way will be patched soon.

Got the flag!!! But not the shell :frowning: If someone can give me a hint I would appreciate it…

I’m really struggling to get the RCE to work. Any nudge would be appreciated!