Forum Discussion

immervivesolver

Bronze II

22 days ago

Solved

Trick or Treat on Specter Street: Manor of Madness

Any hints for Manor of Madness last task. I have been trying from hours and got struck at last task

application security

challenges

tips & tricks

immervivesolver
16 days ago
Don’t focus on cookies.its just a trap.i wasted hours on tampering those. Just focus on query.
ThreatWhisperer
this query you can try on both fields separately or inject in both fields at a time.It will give a time based.you can try tweaking with true conditon
this.name == 'a'; sleep(5000)

immervivesolver

Bronze II

17 days ago

LewisMutton I tried almost every NoSQL injection payloads and no luck.
Do we need to change anything like Auth token or content type??
if you have payload, can you give more hint to solve it

LewisMutton

Bronze III

12 days ago

Think about closing the string early and appending a boolean expression using OR (||) that includes the keyword name in the query.
I did the same thing got all the way to the final Q using the same simple injection and then got a bit stuck, but got there in the end!

Forum Discussion

Trick or Treat on Specter Street: Manor of Madness

Featured Places

Help

Related Content

Trick or Treat on Specter Street: Phantom Pages

Trick or Treat on Specter Street: Ripper's Riddle

Trick or Treat on Specter Street: Ripper's Riddle (Q6)

Trick or Treat: Manor of Madness

Trick or Treat on Specter Street: Ghost of the SOC

Recent Discussions

Purple Belt Generic: Lab - File Inclusion Vulnerabilities

Trick or Treat on Specter Street: Morphy’s Mansion

CVE-2022-30190 (Follina) ms-msdt Scheme Abuse – Offensive Question 11

Hack Your First PLC: Ep.3 – Discovering PLCs Using Wireshark

CVE-2022-33891 (Apache Spark) – Defensive Question 4