Forum Discussion
Serial Maze Support Group
- 2 months ago
Sabrina mentioned in another post: "I would recommend having a look at the Browser Developer Tools: Console and JavaScript Execution lab, as there is some overlap in the tasks. We don't have an offensive lab on Python pickles, but you may find Python: Insecure Deserialization useful, including the further reading linked at the end. Good luck!"
In the Insecure Deserialization it mentions "The developers of a GPS fitness tracking application unfortunately implemented the feature to upload jogging routes vulnerable to insecure deserialization attacks, since they decided to use the insecure pickle format. Your task is to remediate this vulnerability using the more secure JSON format."
So maybe this can be of help.
Despite finding the 🥒 (Thanks to autom8on for the prompt in the right direction), I'm stumped on how to get to the endpoint
Any more clues from the kind immersers that have already conquered this maze?
itsdangerous
token > secret_key > 🥒 > answer
- jamesstammers 3 months ago
Bronze III
Do you need to find the secret_key before sending the pickle payload? Or use a pickled payload to find it?
- domel44 3 months ago
Bronze II
Yes - first finding secret_key
then 🥒
- sabil10 2 months ago
Bronze II
domel44 ..I got a rough idea to solve the lab.. we need to use itsdangerous signed payload and bruteforce the secret_key with rockyou wordlist.. appreciate any hint on finding token..?
- sabil10 2 months ago
Bronze II
I'm stuck...
tried deserialization on both move/submit endpoint.. unable to exploit.
tried rockyou and both endpoint token .. failed..
found one endpoint 2257 .. which is asking for secret.. but don't see any parameter to brute force..
I'm stuck... would appreciate any hints
TIA