That's funny, I found the exact same writeup as you did during the challenge. The method actually doesn't work due to chrome SameSite policies causing the s to not use the logged-in cookies, and I got stuck there till I found that writeup. I posted my writeup on ctftime showing how I went through solving it. I exfiltrated the flag by making a new note in the attacker account.
Great writeup! I knew my solution wasn't the intended since the report feature wasn't originally supposed to have internet access. I did try using an approach similar to your writeup (along with many other failed approaches xD) but looking at your payload.. I never got close 😂
is there any way you can make a walkthrough video or a write-up for live art? cuz none of the write-ups that i've found demonstrated the part thats about setting up a local server, im really struggling in this part which makes me feel like an idiot, but still a great video and hoping there will be a binary exploitation one.
@@_CryptoCat ig we all will wait for john hammond, till then ill focus on binary exploitation since I started doing after the competition has ended and im still a total noob in it.
it appended the ngrok-url to to the other one because you accidentally deleted the http-colon-slash-slash part when you updated the ngrok-url in one of the text input fields, I think. EDIT: 27:24 there
Nowadays, your videos are looks like John Hammond, Like Walkthrough Actually What You Did and Not Only Posting the Solution itself. 💯
the best compliment! nandri 🥰
im a beginner and your walkthrough on web challs in ctf is gonna help a loooot thank you for the walkthrough
Awww thanks mate 🙏
Wow 🎉
Good explanation as usual thank you ❤
Very welcome! Thank you 💜
That's funny, I found the exact same writeup as you did during the challenge. The method actually doesn't work due to chrome SameSite policies causing the s to not use the logged-in cookies, and I got stuck there till I found that writeup. I posted my writeup on ctftime showing how I went through solving it. I exfiltrated the flag by making a new note in the attacker account.
Great writeup! I knew my solution wasn't the intended since the report feature wasn't originally supposed to have internet access. I did try using an approach similar to your writeup (along with many other failed approaches xD) but looking at your payload.. I never got close 😂
Noted and Live Art depends on JS knowledge thats why i didn't solve it. Btw, your walkthroughs is really great
Yeh same haha. I just about got Noted, had no chance on Live Art 😁 Thanks 💜
is there any way you can make a walkthrough video or a write-up for live art? cuz none of the write-ups that i've found demonstrated the part thats about setting up a local server, im really struggling in this part which makes me feel like an idiot, but still a great video and hoping there will be a binary exploitation one.
thanks! live art will probably not happen from me.. i was hoping John Hammond would do it 😂 binary exploitation tomorrow though 😊
@@_CryptoCat ig we all will wait for john hammond, till then ill focus on binary exploitation since I started doing after the competition has ended and im still a total noob in it.
nice
ty 🥰
💜
it appended the ngrok-url to to the other one because you accidentally deleted the http-colon-slash-slash part when you updated the ngrok-url in one of the text input fields, I think. EDIT: 27:24 there
Ah TY! 🙏