Health check

From Pessin randon wiki
Revision as of 10:37, 30 September 2022 by Exf (talk | contribs)
Task health check
Website where you can upload files
Gobuster to figure out where that PHP file is
Netcat and reverse shell

Description

This is a health care system's web page where you can upload your certificates for verification. 100 pts

Question

Investigate the application, find if there are any vulnerabilities and read the flag from /var/backup/secret.txt

Solution

I first tested how the website works and found that you can upload .php files. I then tried using the gobuster application to find the file I had sent and found that it was sent directly to the root folder of the webpage.

I sent the php reverse shell via the web page. I started the netcat application on the virtual machine to listen on port 1234 and opened the reverse.php file in the browser.

I got into the system and ran the command cat /var/backup/secret.txt which printed the correct flag.
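
The weakness used above is that the upload form accepts .php files and stores them in the web root, where the server executes them on request. As an added example (not part of the original write-up or the challenge's code), the server-side check below would block that; it is written in Python to show the logic, and the accepted formats, size limit and function names are assumptions.

```python
import os
import secrets

# Allowlisted certificate formats and the magic bytes each must start with.
# (Assumed formats; the write-up does not say what the real site accepts.)
ALLOWED = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def store_upload(client_name: str, data: bytes, upload_dir: str) -> str:
    """Validate an upload and store it under a server-chosen name.

    upload_dir must live outside the web root, so nothing in it is ever
    served or executed directly by the web server.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # The client-supplied name is only used to pick an allowlist entry;
    # it is never used as a path on disk.
    base = os.path.basename(client_name)
    ext = base.rsplit(".", 1)[-1].lower()
    if "." not in base or ext not in ALLOWED:
        raise UploadRejected(f"extension not allowed: {client_name!r}")
    # Content must match the claimed type, so a script renamed to .pdf fails.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Random name: no attacker-controlled path parts, no guessable URL.
    stored = os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")
    fd = os.open(stored, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored


if __name__ == "__main__":
    import tempfile
    target = tempfile.mkdtemp()  # stands in for a directory outside the web root
    print(store_upload("cert.pdf", b"%PDF-1.7\nconstructed sample", target))
    try:
        store_upload("reverse.php", b"<?php /* constructed sample */ ?>", target)
    except UploadRejected as exc:
        print("rejected:", exc)
```

The magic-byte check alone does not stop a file that begins with a valid header and carries script code further in; storing under a non-script extension outside the web root is what keeps such a file from being executed.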

Tools

  • PHP reverse shell
  • netcat
  • cat

Flag

ctftech{3593e215-63f2}