Posts

247CTF - Miscellaneous Challenges - The Text Editor Jail

Problem Statement: We didn't have time to setup and test a proper jail, so this text editor will have to do for now. Can you break free?

Tools Used: Vim, Bourne shell (sh)

Description: This is a web-based challenge; when you click the 'Start Challenge' button, it spins up a unique instance of the challenge for you. You can then navigate to the challenge page with your browser. Once you open the challenge page, your screen should resemble the screenshot below:

As you can see, this is the text editor Vim exposed through a web terminal. Vim has a well-known feature that allows a user to execute arbitrary Unix commands. To execute a command, enter :!<command>, e.g. to execute the ls command, enter :!ls. You can leverage this feature to spin up a command shell. To do so, type :!/bin/sh into the editor. You will then get a command shell as shown below:

Now, you can examine the current working directory to obtain clues for ...

247CTF - Networking Challenges - Error Reporting Protocol

Problem Statement: Can you identify the flag hidden within the error messages of this ICMP traffic?

Tools Used: Wireshark 3.4.3, Python 3.9.1

Description: This is a downloadable challenge. When you click the 'Download Challenge' button, you obtain a ZIP archive file. The ZIP archive contains a packet capture (pcap) file. The file's name was error_reporting.pcap in my case; it may differ for other users. To solve this challenge, you need to decode and assemble the data from multiple ICMP packets (my file contained the data from 1712 packets).

Wireshark can be used to open the packet capture file and visualise the various layers and fields in the packets. Once you open the packet capture file with Wireshark, your window should resemble the screenshot below.

As shown above, the first packet is an Echo (ping) request and the rest of the packets are Echo (ping) replies. Double-clicking a packet would open it...