XML Object Exfiltration - HackTheBox Cyber Apocalypse CTF "E. Tree" 

@panda doesn't need END

@panda It's basically switch-case on steroids

Yea good idea exploiting known knowledge of the flag. His method would also not work if the first char of the second part of the flag started with a 'C'. My initial idea was to leak name, so you ignore the staff with the first part of the flag completely on your second blind sql injection. My method would have took longer, but in theory it would work irregardless what the second part of flag contained.

It’s a logical flow, so anyone, even people who don’t program can follow along and even guess at the answer before he types it. Very mentally rewarding, I mean even the error’s were giving pseudocode answers.

Call me crazy but the way he’s going through this isn’t a normal happening out in the wild. It’s too obvious and too rehearsed, he never went into anything technical, it was more of a Öh of course”kind of thing. WITH everything nice and tidy and human readable, one natural logical discovery flowing into the next, it’s like watching someone go through a page of pseudocode. Idk 🤷 I just have not seen any actual exploits work so fluidly and without any obfuscation put into the so called errors he was getting.

HAHA right , I wish when I got errors they gave me the fix and clue to the next step in Pseudocode

Or Star Trek IV when Scotty grabbed the computer mouse and tried to talk to it saying, "Hello Computer ." 🤣🤣

Like algorithms you do? Ok.. Let P = Bn, the Boolean algebra of subsets of {1,2,...,n} ordered by inclusion. Let 2 be the poset with two elements (it has two elements ˆ0 ≤ ˆ1) ✅ WiTh M3 S0 FAR?? OK Cool 😎 SO….. because we can view Bn as a zero-one vector. Let us compute μ for Bn. μ for 2 is given by μ(0,0) = μ(1,1) = 1 and μ(0,1) = −1. With the lemma, we find that μ(T,S) = (−1)|T−S| i.e. μ(T,S) = (−1)# times T and S differ. I think the only thing Mr. Hammond is learning is how to make a RU-vid Video about Hacking, without actually showing any real useable code so it doesn’t get the BAN hammer 🔨 and costing him a ton of money 💰. It is fun fiction though

He knows, it was even in the document he showed in the beginning, but would not have made a very entertaining story. Not to mention it would be to close to something someone could do in the real world and possibly cost him his RU-vid channel, and that is a big $$$ deal. I wouldn’t see why he would risk it, he probably wrote this CTF in the first place. John has taken on and beaten ppl in the real world, like at Def-Con.

A real one? Actually that’s mean to say these days, so instead one that designs his own game engines and that does the physics and complex logic, like linear algebra and combinatorics maths (M ̈obius functions for breakfast) OR a GUI drag-n-drop Unreal Engine guy?

@@cedricvillani8502 Says the guy with an "introduction to Unity's new visual scripting tool" vid in his playlist? For reak though, whatever it is that's making you feel so negative, I hope it passes soon

You are kidding right ?

@@ko-Daegu no, you must not get the question.

You mean explains how to not only code the problem (ex. CTF) but also do a human readable “hack”that won’t actually work in the real world? Because yes I’m also curious, and I wonder if he employs a few other programmers to make sure he doesn’t step to far outa line and cost him a lot of money

Ubuntu i think

@@nothingnothing1799 +

@@nothingnothing1799 What DE tho?

It’s a BRAND thing.

Probably would not be worth it the time/effort to code it. Adding an underscore as the first character would speed things up (saves ~70 attempts for each underscore in the flag, but only adds one extra attempt for all other characters), but even that is probably not worth the effort.

This whole thing is silly 🙃, like in the movies back in the day when the “Secret Launch Codes”were being figured out, while James Bond was fighting the Evil Genius.