FLAG 1 Intercept /doUpload.php request with proxy and change filename (in POST request) with directory traversal. Original Request filename.png Edited Request ../filename.png FLAG 2 Download valid png image with web shell. Webshell wasn’t working so I modified. Original Request Edited Request Confirm RCE /phppng.png?0=ls Capture the flag /phppng.png?0=grep+-R+FLAG FLAG1 trigged because of directory traversal attack. […]
learn gdb – Points: 300 Problem Statement Using a debugging tool will be extremely useful on your missions. Can you run this program in gdb and find the flag? You can find the file in shell server. Run the program. This takes some time. $ gdb run Decrypting the Flag into global variable ‘flag_buf’ ………………………………. […]
caesar cipher 2 – Points: 250 Problem Statement Can you help us decrypt this message? We believe it is a form of a caesar cipher. You can find the ciphertext in /problems/caesar-cipher-2_0_372a62ea0204b948793a2b1b3aeacaaa on the shell server. This is a follow up to my previous post. Message / Ciphertext ^WQ]1B4iQ/SaO@M1W>V3`AMXcABMO@3\BMa3QC`3k This time our charset is extended […]
wiks3c 