- Status: Concluded
- Start date: 2021-11-20
- End date: 2021-11-29
- Parts: 4
This is all the information on how to solve the ARG revolving Toontown Rewritten's Field Offices update.
Twisted_Code macks2008
Untrusted-Game
/ untrusted-lvl9-solution.js
Created
January 24, 2021 02:45
Solution to level 9 in Untrusted: http://alex.nisnevich.com/untrusted/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /********************** | |
| * fordingTheRiver.js * | |
| ********************** | |
| * | |
| * And there's the river. Fortunately, I was prepared for this. | |
| * See the raft on the other side? | |
| * | |
| * Everything is going according to plan. | |
| */ |
Untrusted-Game
/ untrusted-lvl10-solution.js
Created
January 24, 2021 03:00
Solution to level 10 in Untrusted: http://alex.nisnevich.com/untrusted/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /************* | |
| * ambush.js * | |
| ************* | |
| * | |
| * Oh. Oh, I see. This wasn't quite part of the plan. | |
| * | |
| * Looks like they won't let you take the Algorithm | |
| * without a fight. You'll need to carefully weave your | |
| * way through the guard drones. | |
| * |
Untrusted-Game
/ untrusted-lvl11-solution.js
Created
January 24, 2021 03:32
Solution to level 11 in Untrusted: http://alex.nisnevich.com/untrusted/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * robot.js | |
| * | |
| * You'll need three keys in order to unlock the | |
| * Algorithm: the red key, the green key, and the | |
| * blue key. Unfortunately, all three of them are | |
| * behind human-proof barriers. | |
| * | |
| * The plan is simple: reprogram the maintenance | |
| * robots to grab the key and bring it through |
darkhappy
/ ARG-Field-Offices.md
Last active
December 3, 2021 17:32
Toontown Rewritten - Cog Field Offices ARG
Log4J has a feature called Java Naming and Directory Interface (shortened to JNDI in this document), which allows a Java program to reach out to an external source to gather data.
If you put a section of text containing ${jndi:query} into the log, the Log4J library will try to resolve the query.
This can be combined with the Lightweight Directory Access Protocol (LDAP) to connect to a remote server.
However, because JNDI is built for retrieving data, and JNDI is a Java program, if you put a JNDI query using LDAP into a log, it will connect to the given site, download a file, and then execute it.
This is called Remote Code Execution.
OlderNewer