Health check: Difference between revisions
From Pessin randon wiki
[[File:Task-healt check.PNG|thumb|Task health check]]
[[File:Webpage.PNG|thumb|Website where you can upload files]]
[[File:Healt-check Gobuster.PNG|thumb|Gobuster to figure out where is that php file]]
[[File:Healt-check Flag.PNG|thumb|Netcat and reverse shell]]
Latest revision as of 10:37, 30 September 2022
Description
This is a health care systems web page where you can upload your certificates for verification. 100pts
Question
Investigate the application, find if there are any vulnerabilities and read the flag from /var/backup/secret.txt
Solution
I first tested how the website works and found that you can upload .php files. I then tried using the gobuster application to find the file I had sent and found that it was sent directly to the root folder of the webpage.
I sent the php reverse shell via the web page. I started the netcat application on the virtual machine to listen on port 1234 and opened the reverse.php file in the browser.
I got into the system and ran the command cat /var/backup/secret.txt which printed the correct flag.
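The solution works because the application accepts .php uploads and writes them into the served root folder. As an added example (not code from this wiki page or from the challenge), the Python below shows server-side upload checks that close both gaps; the allowed certificate types, the function names and the directory parameters are assumptions.

```python
import secrets
from pathlib import Path

# Assumption: certificates are PDF, PNG or JPEG. Extension -> leading magic bytes.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

class RejectedUpload(ValueError):
    """The upload failed validation and must not be stored."""

def stored_name_for(client_name: str, data: bytes) -> str:
    """Validate an upload and return a server-chosen name for it."""
    # Only the final suffix counts, so "cert.pdf.php" is judged as ".php".
    ext = Path(client_name).suffix.lower()
    if ext not in ALLOWED:
        raise RejectedUpload(f"extension {ext!r} is not allowed")
    # A script renamed to "cert.pdf" fails here: its bytes are not a PDF header.
    if not data.startswith(ALLOWED[ext]):
        raise RejectedUpload("content does not match the extension")
    # The stored name is random and server-chosen, so it cannot be found by guessing.
    return secrets.token_hex(16) + ext

def save_upload(client_name: str, data: bytes, store_dir: str, web_root: str) -> Path:
    """Store a validated upload in a directory the web server does not serve."""
    store, root = Path(store_dir).resolve(), Path(web_root).resolve()
    if store == root or root in store.parents:
        raise RuntimeError("upload store must be outside the web root")
    name = stored_name_for(client_name, data)
    store.mkdir(parents=True, exist_ok=True)
    target = store / name
    target.write_bytes(data)
    target.chmod(0o640)  # readable by the application, never executable
    return target

if __name__ == "__main__":
    # Constructed sample uploads (file name, first bytes of the body).
    samples = [("cert.pdf", b"%PDF-1.7\n"), ("reverse.php", b"<?php ?>"),
               ("cert.pdf.php", b"%PDF-1.7\n"), ("cert.pdf", b"<?php ?>")]
    for name, body in samples:
        try:
            print(name, "->", stored_name_for(name, body))
        except RejectedUpload as err:
            print(name, "-> rejected:", err)
```

A file that begins with a valid header but carries script text further in still passes the magic-byte check, which is why the store directory check matters: a file kept outside the web root is never handed to the PHP interpreter.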
Tools
- PHP reverse shell
- netcat
- cat
Flag
ctftech{3593e215-63f2}