Injection working, nothing comming in

Markb2
8 years ago

3

Hi guys,

I just tried this level once more after taking a break from doing challenges for a couple of months.
The first part went pretty smooth I guess, but now I have injected my code and not getting any response.

The code works, I do get my own send to me, but after waiting for more than 15 minutes I still did not retrieve anything else except my own .

Can someone review my injected code?

f0rk [HackingGuy]
8 years ago

3

PM me, given the same thing is happening to me. I wonder..

There’s no place like 127.0.0.1

dloser
8 years ago

3

Because it is an automated challenge, some things might not work. For example, I think that in older threads we’ve seen that https://... and //… cannot be used.

Markb2
8 years ago

3

Ai, my URL starts with https:// but it does work for me. I do get my own cookies like I want them..

So you suggest to use a non https link?

dloser
8 years ago

3

Definitely worth a try.

Richard Brook [RichardBrook]
8 years ago

3

Also…be stealthy!

A beginner practices until he gets it right, a professional practices until he can’t get it wrong!

Markb2
8 years ago

3

Done.

Now we wait .. ;)

Markb2
8 years ago

3

Well, I thought I was being stealthy.
As in.. If I look at the page, I won’t see any code nor do any (visible) redirects show up.

But still, the session seems to be expired. If I use the cookie I won’t get a working session..

f0rk [HackingGuy]
8 years ago

3

Ive even gotten the “cookie”. Its just the fashion I’m editing in I guess..

There’s no place like 127.0.0.1

Markb2
8 years ago

3

I’ve send you a PM.

I just don’t get how this method is not working. I’ve tried other methods as well, but can’t find one that is both working and returning a working session…

dloser
8 years ago

3

Are you putting in anything else besides the exploit?

Markb2
8 years ago

1

Hmm, going to send you an PM, talking about this without spoilering will be hard.

Numlock90
8 years ago

3

I know obfuscation appears to be a heavy part of this level.
I heard you need to make plenty of comments to your code ;)

Most situations are 95% PIBCAC 5% Network.

Markb2
8 years ago

1

Did succeed this level. It appears I made an error while trying to input the cookie into my browser.

Continuing with crypto 7 right now :).

darkcyber
8 years ago

2

I get my own cookie on my log, but not the admin cookie after few hours. My method is stealthly. Anyone want to check my code?

tl0tr
8 years ago

2

@darkcyber : Yes, please post your code in the solutions. I would like to see it.

darkcyber
8 years ago

2

@tl0tr
Not yet success, the problem is I’m got no admin cookie for few hours. I believe my injection code is OK. Can I PM You my injection?

tl0tr
8 years ago

2

@darkcyber : Yeah PM me but send me code in the same order you are injecting it.

darkcyber
8 years ago

2

@tl0tr sent you a PM

tl0tr
8 years ago

2

@darkcyber : I have replied you back. Let me know if you can figure it out.

tschakram [75ch4kr4aa]
4 years ago | reply to #57299

2

Hello did somebody solve ithe level?
I have the same problem. Inject is on the site but i didn`t get a admin cookie.
Can somebody check my solution ?

fred [feuerstein]
4 years ago

2

You can send your approach in a private message. I’ll see what I can do for you

tschakram [75ch4kr4aa]
4 years ago

2

Thanks for checking my script. I think the level is down. I will send a pm to the admin.

tppt
4 years ago

2

Hi, just checking if this level is still working? I also have a stealthy code and I don’t receive any details back to my logs after waiting one hour. I tried both https and http requests.
My local attempts are working properly and I can read my data.

Who is the admin that I could ping if something need to be fixed? Thanks for your feedback!!

tschakram [75ch4kr4aa]
4 years ago

4

Hello tppt, thanks for your feedback. I wrote last month a help request and then one more last week. No response till now. I will email the admin now. Maybe we obtain a response per email.

Kaldah
4 years ago

2

Hi, is the level still offline ? I tried an injection which seems to work with and so should be working with the admin but nothing after some hours of waiting. So, I guess it’s offline but I ask in case I’m doing something wrong.

eduardo.silva
3 years ago | edited 3 years ago

1

yeah I have the same problem. I can execute my payload and extract my own cookie but not the relevant one.

eduardo.silva
3 years ago

0

Can anyone confirm that the challenge is working properly?

Kaldah
3 years ago | edited 3 years ago

0

The challenge seems to be working as I can get the admin cookie even if he doesn’t work for me I don’t think it is due to a problem with the challenge or at least not this part.

By the way, when I try my injection on an other navigator it works fine and I believe I’m doing it the right way (stealthy enough) but the cookie doesn’t work and I think it is because a former injection I did on an other navigator doesn’t disappear even after clearing messages. (and so could make the challenge think I’m not stealthy enough). But maybe it’s just because it is broken ^^‘ (I don’t know if it does this problem just for me or not)

edit: I just think a little and find a way to solve my problem

eduardo.silva
3 years ago

0

Allright seems I need to do something else than just making a connection to my server

eduardo.silva
3 years ago

0

Well I got the relevant cookie but keeps saying the session is expired. So I guess I am at the same point as you @Kaldah

Ron [tptome]
2 years ago

0

I got the XSS to work and I can take cookies, but it’s only taking my cookies. I think this challenge is broken

Ron

TestDummy
2 years ago

0

I face the same situation … :(

4 replies have been removed

Injection working, nothing comming in

SecureUs

3

3

3

3

3

3

3

3

3

3

3

1

3

1

2

2

2

2

2

2

2

2

2

2

4

2

1

0

0

0

0

0

0