Trick or Treat on Specter Street: Manor of Madness

Question

Any hints for Manor of Madness last task. I have been trying from hours and got struck at last task

threatwhisperer · Answer

Thank you, immervivesolver​ and LewisMutton​ !With your hints I (finally :-)) managed to complete Manor of Madness...Now my only remaining lab is "Trick or Treat on Specter Street: Morphy’s Mansion"...

lewismutton · Answer

Not sure what you're trying but you can solve it using SQL injection techniquesI don't want to be too specific and give away too much&nbsp;

immervivesolver · Answer

Don’t focus on cookies.its just a trap.i wasted hours on tampering those. Just focus on query.&nbsp;ThreatWhisperer​&nbsp;this query you can try on both fields separately or inject in both fields at a time.It will give a time based.you can try tweaking with true conditon&nbsp;this.name == 'a'; sleep(5000)

lewismutton · Answer

Think about closing the string early and appending a boolean expression using OR (||) that includes the keyword name in the query.
I did the same thing got all the way to the final Q using the same simple injection and then got a bit stuck, but got there in the end!

immervivesolver · Answer

LewisMutton​&nbsp;I tried almost every NoSQL injection payloads and no luck.&nbsp;Do we need to change anything like Auth token or content type??&nbsp;if you have payload, can you give more hint to solve it&nbsp;

Forum Discussion

Trick or Treat on Specter Street: Manor of Madness

9 Replies

Featured Places

Help

Related Content

Trick or Treat on Specter Street: Phantom Pages

Trick or Treat on Specter Street: Ripper's Riddle

Trick or Treat: Manor of Madness

Trick or Treat on Specter Street: Serpent Sanctum

Trick or Treat on Specter Street: Ripper's Riddle (Q6)

Recent Discussions

TLS Fundamentals: Ep.8 – Final Challenge

IoT & Embedded Devices: Certificate Underpinning

PowerShell Deobfuscation: Ep.10

Trick or Treat on Specter Street: Morphy’s Mansion

Trick or Treat on Specter Street: Morphy's Mansion Challenge