Injection working, nothing comming in

SecureUs

Markb2
7 years ago

3

Hi guys,

I just tried this level once more after taking a break from doing challenges for a couple of months.
The first part went pretty smooth I guess, but now I have injected my code and not getting any response.

The code works, I do get my own send to me, but after waiting for more than 15 minutes I still did not retrieve anything else except my own .

Can someone review my injected code?

32replies
15voices
865views
f0rk [HackingGuy]
7 years ago

3

PM me, given the same thing is happening to me. I wonder..

dloser
7 years ago

3

Because it is an automated challenge, some things might not work. For example, I think that in older threads we’ve seen that https://... and //… cannot be used.

Markb2
7 years ago

3

Ai, my URL starts with https:// but it does work for me. I do get my own cookies like I want them..

So you suggest to use a non https link?

dloser
7 years ago

3

Definitely worth a try.


3

Also…be stealthy!

Markb2
7 years ago

3

Done.

Now we wait .. ;)

Markb2
7 years ago

3

Well, I thought I was being stealthy.
As in.. If I look at the page, I won’t see any code nor do any (visible) redirects show up.

But still, the session seems to be expired. If I use the cookie I won’t get a working session..

f0rk [HackingGuy]
7 years ago

3

Ive even gotten the “cookie”. Its just the fashion I’m editing in I guess..

Markb2
7 years ago

3

I’ve send you a PM.

I just don’t get how this method is not working. I’ve tried other methods as well, but can’t find one that is both working and returning a working session…

dloser
7 years ago

3

Are you putting in anything else besides the exploit?

Markb2
7 years ago

1

Hmm, going to send you an PM, talking about this without spoilering will be hard.

Numlock90
7 years ago

3

I know obfuscation appears to be a heavy part of this level.
I heard you need to make plenty of comments to your code ;)

Markb2
7 years ago

1

Did succeed this level. It appears I made an error while trying to input the cookie into my browser.

Continuing with crypto 7 right now :).

darkcyber
7 years ago

2

I get my own cookie on my log, but not the admin cookie after few hours. My method is stealthly. Anyone want to check my code?

tl0tr
7 years ago

2

@darkcyber : Yes, please post your code in the solutions. I would like to see it.

darkcyber
7 years ago

2

@tl0tr
Not yet success, the problem is I’m got no admin cookie for few hours. I believe my injection code is OK. Can I PM You my injection?

tl0tr
7 years ago

2

@darkcyber : Yeah PM me but send me code in the same order you are injecting it.

darkcyber
7 years ago

2

@tl0tr sent you a PM

tl0tr
7 years ago

2

@darkcyber : I have replied you back. Let me know if you can figure it out.


2

Hello did somebody solve ithe level?
I have the same problem. Inject is on the site but i didn`t get a admin cookie.
Can somebody check my solution ?

fred [feuerstein]
4 years ago

2

You can send your approach in a private message. I’ll see what I can do for you


2

Thanks for checking my script. I think the level is down. I will send a pm to the admin.

tppt
3 years ago

2

Hi, just checking if this level is still working? I also have a stealthy code and I don’t receive any details back to my logs after waiting one hour. I tried both https and http requests.
My local attempts are working properly and I can read my data.

Who is the admin that I could ping if something need to be fixed? Thanks for your feedback!!


4

Hello tppt, thanks for your feedback. I wrote last month a help request and then one more last week. No response till now. I will email the admin now. Maybe we obtain a response per email.

Kaldah
3 years ago

2

Hi, is the level still offline ? I tried an injection which seems to work with and so should be working with the admin but nothing after some hours of waiting. So, I guess it’s offline but I ask in case I’m doing something wrong.

eduardo.silva
2 years ago | edited 2 years ago

1

yeah I have the same problem. I can execute my payload and extract my own cookie but not the relevant one.

eduardo.silva
2 years ago

0

Can anyone confirm that the challenge is working properly?

Kaldah
2 years ago | edited 2 years ago

0

The challenge seems to be working as I can get the admin cookie even if he doesn’t work for me I don’t think it is due to a problem with the challenge or at least not this part.

By the way, when I try my injection on an other navigator it works fine and I believe I’m doing it the right way (stealthy enough) but the cookie doesn’t work and I think it is because a former injection I did on an other navigator doesn’t disappear even after clearing messages. (and so could make the challenge think I’m not stealthy enough). But maybe it’s just because it is broken ^^‘ (I don’t know if it does this problem just for me or not)

edit: I just think a little and find a way to solve my problem

eduardo.silva
2 years ago

0

Allright seems I need to do something else than just making a connection to my server

eduardo.silva
2 years ago

0

Well I got the relevant cookie but keeps saying the session is expired. So I guess I am at the same point as you @Kaldah

Ron [tptome]
2 years ago

0

I got the XSS to work and I can take cookies, but it’s only taking my cookies. I think this challenge is broken

TestDummy
2 years ago

0

I face the same situation … :(

4 replies have been removed
You must be logged in to reply to this discussion. Login
1 of 33

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss