by yivador274 - Monday January 8, 2024 at 09:18 AM
(01-16-2024, 09:42 PM)fl00d777 Wrote: Stuck on first flag. I think I need to become ellonmusk, but how? Have access to _profiler, looking for clues. can someone give me a hint plz?
Yes you are right, you need to become elonmusk, on code analysis this fact stands out that new users cannot be elonmusk.

However, this string comparison also yields the vulnerabiliy, you can register as EloNMusK for example. This way you can also login with your new user and impersonate that user.

Then grab the admincontroller and analyze its code, you can see how ti downloads files... this way you can achieve LFI and leverage this for further enumeration.

And finally the flag.

Stuck after the second flag.

Done successfully the attack with java.
But stuck on the machine, couldn't find any interesting file or program.

can someone give me a nudge ?
to open:

Possibly Related Threads…
Thread Author Replies Views Last Post
  JET fortress writeup + flags ssrf 31 14,353 02-23-2024, 03:01 AM
Last Post: Xerion
  SYNACKTIV and AWS writeups D0rke1e 8 2,009 02-22-2024, 03:56 PM
Last Post: fatgirl
  Looking for Synacktiv Write up/Walkthrough ophalim 0 213 02-22-2024, 11:05 AM
Last Post: ophalim
  CONTEXT Fortress Flags & Steps supernatural 1 1,342 02-21-2024, 01:56 PM
Last Post: ophalim
  AWS Fortress - Can please anyone share suyash100 23 13,214 02-15-2024, 07:30 PM
Last Post: suyash100

 Users browsing this thread: 1 Guest(s)