Encoder

From Pessin randon wiki
Revision as of 13:58, 13 October 2022 by Exf (talk | contribs) (Created page with "===Description=== This web application allows you to use coding utility to encode and decode base64 100pts ===Question=== Investigate the application, exploit the vulnerability and read the flag from /var/backup/secret.txt ===Solution=== First, I ran a vulnerability scan on the website with the ZAP tool. Unfortunately, nothing was found. Next I tried to enter all kind of commands to both decoder and encoder sides. I realized that especiality I got errors from decoding...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Description

This web application allows you to use coding utility to encode and decode base64

100pts

Question

Investigate the application, exploit the vulnerability and read the flag from /var/backup/secret.txt

Solution

First, I ran a vulnerability scan on the website with the ZAP tool. Unfortunately, nothing was found.

Next I tried to enter all kind of commands to both decoder and encoder sides. I realized that especiality I got errors from decoding side when I was entering commands like include, ls, &&.

I entered similar commands on the encoding side and tried the following command && cat /var/backup/secret.txt This web page returned a long base64 string that looked nothing like the previous ones. I decoded that string twice and got the task flag for myself.

Tools

  • base64

Flag

efa58858-a4d0-43ce-ab8d-44ed5b5aaa1b

Retrieved from "https://wiki.pessinurmi.com/index.php?title=Encoder&oldid=347"