Web - Client
Web Socket - 0 protection
Hello, I'm completely stuck on this challenge. I found the websocket code etc. and I think something has to be done with the cookie, but I have no idea how. Could someone point me in the right direction? Thanks
Web Socket - 0 protection
Hello,
Also lost with the WebSockets: I don't really know where to send requests. I saw the ws://.... format and tried it in the URL bar, but that doesn't work. I also tried in the console, and from the terminal, telnet, etc. ...
No luck, ...
A small hint please?
Thanks in advance.
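For anyone at the same point as the post above: a ws:// address is not something the address bar can open, and telnet only gets you as far as a raw TCP connection; the endpoint expects an HTTP Upgrade handshake, which a WebSocket client does for you. The block below is an added example (not code from the challenge or from the thread) of the usual shape: open the socket, send a text message once the handshake completes, and collect the first reply. The endpoint path, the question text and the `EchoStandIn` class are assumptions for illustration; in a browser devtools console you would drop the `WS` option and let the global `WebSocket` connect to the real target.

```javascript
// Added example: minimal WebSocket request/response exchange from a client.
// Runs in a browser console (global WebSocket) or under Node with an injected
// constructor. Nothing here is the challenge's own code.

// Sends `question` as one text frame after the handshake and resolves with the
// first reply. The socket constructor `WS` is injectable so the same code runs
// offline against a stand-in server (see EchoStandIn below).
function askOverWebSocket(url, question, { WS = globalThis.WebSocket, timeoutMs = 5000 } = {}) {
  return new Promise((resolve, reject) => {
    const ws = new WS(url);
    const timer = setTimeout(() => { ws.close(); reject(new Error("timeout")); }, timeoutMs);
    ws.onopen = () => ws.send(question);          // only after 101 Switching Protocols
    ws.onmessage = (ev) => {                      // first text frame back from the server
      clearTimeout(timer);
      ws.close();
      resolve(String(ev.data));
    };
    ws.onerror = () => { clearTimeout(timer); reject(new Error("socket error")); };
    ws.onclose = (ev) => { clearTimeout(timer); reject(new Error(`closed: ${ev.code}`)); };
  });
}

// Offline stand-in for a server that answers one question (assumption, for a
// self-contained run). It mimics the event order a real WebSocket produces:
// onopen, then one onmessage per reply.
class EchoStandIn {
  constructor(url) {
    this.url = url;
    this.sent = [];
    setTimeout(() => this.onopen && this.onopen(), 0);
  }
  send(text) {
    this.sent.push(text);
    const reply = text === "ping" ? "pong" : `no answer for: ${text}`;
    setTimeout(() => this.onmessage && this.onmessage({ data: reply }), 0);
  }
  close() {}
}

// Usage in a browser console against a real endpoint (URL is an assumption):
//   askOverWebSocket("ws://target.example/ws", "ping").then(console.log, console.error);
// Offline usage with the stand-in:
//   askOverWebSocket("ws://target.example/ws", "ping", { WS: EchoStandIn }).then(console.log);
```

The handshake itself is an ordinary HTTP GET carrying `Upgrade: websocket`, so Burp or a proxy sees it, and the browser attaches the cookies it holds for the target host to that GET exactly as it would for any other request to that host.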
Web Socket - 0 protection
Checking out the Web Socket 0 Protection challenge: from Burp Repeater, the origin is configurable from "http://ctf04.root-me.org"; however, I've tried a few different things, and I don't seem to have any luck tricking the bot into correctly answering "What is the Flag?"
I've done some research into manipulating the cookie and sec-websocket-key, but have not found anything that led me down a better path yet.
Any additional hints would be appreciated :)
Web Socket - 0 protection
I finally solved this. In case it is helpful to others, I’ll pass along that it worked for me in "Room 30". The exact same exploit did NOT work in "Room 02" or "Room 04". I have no explanation as to why.
In those rooms where my exploit did not work, I WAS able to connect to "ws://localhost/ws" successfully but NOT to "ws://ctf02.root-me/ws". Of course, the admin’s cookie is tied to the actual domain name and so connecting to localhost did NOT treat me as the admin.
In case anyone has ideas why some rooms work ok and others do not, please share your thoughts, since I am very curious about this.
– Sam
Web Socket - 0 protection
Thank you sam! You saved the day :)
Web Socket - 0 protection
I received the flag for the challenge and the box.
I entered the one for the box, it said I compromised the env and it is shutting down.
Then I go to the challenge page and enter the flag for validation but it is not accepted.
Did I do something wrong?