Posts

Showing posts with the label LFI

Unicode - HackTheBox

  Unicode Machine (10.10.11.126)

  Info: This was a fun medium Linux box where I learned about decompiling Python binaries, Unicode normalization and a bash expansion attack to bypass a whitespace filter. It had many things, from JWT forging to LFI to command injection. Let's dive in!

  Recon: Starting with an nmap port scan, we find 2 open ports.

    $ nmap -T4 10.10.11.126
    Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-07 21:53 IST
    Stats: 0:00:36 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
    Connect Scan Timing: About 96.10% done; ETC: 21:54 (0:00:02 remaining)
    Nmap scan report for 10.10.11.126
    Host is up (0.41s latency).
    Not shown: 998 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http

    $ nmap -A -p22,80 -T4 10.10.11.126
    Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-07 21:54 IST
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
    80/tcp open  http    nginx 1.18.0 (Ubuntu)
    |_http-server-header:...

Yogosha Christmas Challenge 2021

  Hello security enthusiasts, this Christmas I played the “Yogosha CTF 2021” challenge, as I got a mail from their team on 28th December and quickly signed up for it. Although I couldn’t complete all the challenges, I learned new things, i.e. the Hash Length Extension Attack, the PHP file_get_contents() LFI vuln, and PHP’s weird behaviours. The whole CTF was based on a Naruto theme.

  First challenge: It was an easy OSINT challenge, which was about tracking down a user on Flickr where he posted an image. The metadata of the image contained the flag and a link to the next challenge. Let’s focus on that.

  Second Challenge (Uchiha or Evil):
  Challenge URL: http://3.141.159.106
  Description: I heard something important is stored in /secret.txt

  Let’s try to load the /secret.txt file on the webserver. But it is not found (404). Then I asked the Yogosha admin whether it is intended. The answer was: Yes, it is a file in the root directory and we have to get access to that *. After a little enumeration we can read the /robots.txt file. U...