Samiux's Blog

Open Source is a great idea and it has changed the world! Open Source forever ....

While you do not know attack, how can you know about defense? (未知攻,焉知防?)

Do BAD things .... for the RIGHT reasons -- OWASP ZAP

It is easier to port a shell than a shell script. -- Larry Wall

Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris. -- Larry Wall

为天地立心，为生民立命，为往圣继绝学，为万世开太平。 -- 王炜

Saturday, October 12, 2019

bossplayersCTF : 1

Aimed at Beginner Security Professionals who want to get their feet wet into doing some CTF's. It should take around 30 minutes to root.

Download : https://www.vulnhub.com/entry/bossplayersctf-1,375/
Difficulty : Beginners
Format : OVA (VirtualBox)

To find the IP address of the box in the network by running nmap.

Further scan all ports of the box.

The website is running on port 80.

Check the source code of the page and found a hash at the bottom of the page.

Suspected that the hash is base64 decoded. Try to decode it.

After the decoding, the result is "workinprogress.php". Let's browse it.

The page says that "test ping command". Let's test it for "cmd" parameter.

The command is executed. To pawn a reverse shell.

To find if there is any file with sticky bit.

The result is "find". Try to privilege escalation.

Decode the "root.txt". Root is dancing!

After thought

It is a traditional Capture The Flag (CTF) box with base64 decode and sticky bit searching. Recommended.

Samiux
OSCE OSCP OSWP
October 12, 2019, China, Hong Kong