Possibly Related Threads…

haykino · Dec 09, 2023, 01:24 PM

please i need help, im stucked in the apethanto uni ctf, i managed to find the metabase but the rce is not working.

Vakeraz · Dec 09, 2023, 02:35 PM

I'm also stuck on priv'esc for Apethanto Huh

. I've got easy web & forensic if you wanna trade

caccapuzza · Dec 09, 2023, 02:36 PM

(Dec 09, 2023, 02:27 PM)takahata Wrote: hey I change Apethanto root steps for the web and pwn easy challenges

dm me i got what u need

zapot · Dec 09, 2023, 03:45 PM

hi all , i got rev-shell
i need a hint for Apethanto root

zapot · Dec 09, 2023, 04:32 PM

using the cve i got rev-shell
https://github.com/shamo0/CVE-2023-38646...3-38646.py
but u need to add token and collaborator url

PingPong123a · Dec 09, 2023, 05:25 PM

Need a hint on the last reverse chall plz

AliceSynthesis · Dec 09, 2023, 06:49 PM

Anyone else working on Nexus_Void?
Able to login as the "clown" with a simple SQLi on password,
but can't seem to figure the next step.
I assume it has something to do with the Wishlist, as it returns a 500 for everything else than a request with valid params.
Will try to sqlmap that, but would appreciate a hint :3

st123 · Dec 09, 2023, 07:20 PM

(Dec 09, 2023, 06:49 PM)AliceSynthesis Wrote: Anyone else working on Nexus_Void?
Able to login as the "clown" with a simple SQLi on password,
but can't seem to figure the next step.
I assume it has something to do with the Wishlist, as it returns a 500 for everything else than a request with valid params.
Will try to sqlmap that, but would appreciate a hint :3

Oh i thought that one is something to do with how its deserializing data. maybe get rce through that. coz theres no other way to get the flag lol

AliceSynthesis · Dec 09, 2023, 07:22 PM

(Dec 09, 2023, 07:20 PM)st123 Wrote:
(Dec 09, 2023, 06:49 PM)AliceSynthesis Wrote: Anyone else working on Nexus_Void?
Able to login as the "clown" with a simple SQLi on password,
but can't seem to figure the next step.
I assume it has something to do with the Wishlist, as it returns a 500 for everything else than a request with valid params.
Will try to sqlmap that, but would appreciate a hint :3

Oh i thought that one is something to do with how its deserializing data. maybe get rce through that. coz theres no other way to get the flag lol

Have Web challenges required shell access in the previous CTFs?
I can't recall but it seems rather weird imo.

st123 · Dec 09, 2023, 07:25 PM

(Dec 09, 2023, 07:22 PM)AliceSynthesis Wrote:
(Dec 09, 2023, 07:20 PM)st123 Wrote:
(Dec 09, 2023, 06:49 PM)AliceSynthesis Wrote: Anyone else working on Nexus_Void?
Able to login as the "clown" with a simple SQLi on password,
but can't seem to figure the next step.
I assume it has something to do with the Wishlist, as it returns a 500 for everything else than a request with valid params.
Will try to sqlmap that, but would appreciate a hint :3

Oh i thought that one is something to do with how its deserializing data. maybe get rce through that. coz theres no other way to get the flag lol

Have Web challenges required shell access in the previous CTFs?
I can't recall but it seems rather weird imo.

yea there have been challenges like that in the past. Mostly using the python pickle exploits . Maybe this time they wanted to do the same but with c#

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] HackTheBox All Cheatsheets	Tamarisk	15	815	2 hours ago Last Post: 0x5k1z0
	CPTS-FLAG	darkcat	14	5,727	3 hours ago Last Post: Sukon
	[FREE] CPTS 12 FLAGS	pulsebreaker	78	2,604	3 hours ago Last Post: hitlerssecretsidechick
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	91	8,292	3 hours ago Last Post: hitlerssecretsidechick
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	381	94,521	6 hours ago Last Post: xixi75