hackburger.ee Number to ASCII converter write up
2017. 8. 15. 14:37
A super fun wargame, like wargame.kr.
Written by ch4n3 at BoB 6th, team Demon.
To solve this challenge, go to http://burger.laboratorium.ee:8001/
If you send a request to that site,
you can see this screen.
There is PHP code.
It converts a decimal number to an ASCII character.
BUT there is a vulnerability in the assert() function.
The assert() function has a code execution vulnerability.
(You can see more at https://stackoverflow.com/questions/3115559/exploitable-php-functions)
So you can execute some PHP code by using $_GET['number'].
http://burger.laboratorium.ee:8001/?number=phpinfo()
We can see the PHP server info by connecting to it.
yeah~!~! 9reat~!~!
We can run bash shell commands with this:
http://burger.laboratorium.ee:8001/?number=system($_GET[cmd])&cmd=id
Using this, you can find the flag on that server.
Keep going,
and we get the flag.
The flag is adb92727cb7edc1802eb4616d23aef3ffaa928a4
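The root cause on the server side, next to a fixed converter, as an added example that is not the challenge's own source (the page only shows that as a screenshot). The function names and the assumed vulnerable line are hypothetical; the pattern is the PHP < 8 behaviour where a string passed to assert() is evaluated as code.

```php
<?php
// Added example, not the challenge's code. Function names are hypothetical.

// Assumed vulnerable pattern (PHP < 8 with assertions enabled): the request
// value is interpolated into a string that assert() evaluates as PHP code.
function convert_vulnerable(string $number): string
{
    // With number=phpinfo() the string becomes "is_numeric(phpinfo())" and runs.
    assert("is_numeric($number)");
    return chr((int) $number);
}

// Hardened form: nothing from the request reaches assert() or any evaluator;
// the value is validated as data and rejected if it is not a small integer.
function convert_hardened($number): ?string
{
    // ?number[]=65 arrives as an array, so reject non-strings first.
    if (!is_string($number)) {
        return null;
    }
    // Digits only, 1 to 3 characters: no signs, spaces, parentheses or '$'.
    if (preg_match('/\A[0-9]{1,3}\z/', $number) !== 1) {
        return null;
    }
    $code = (int) $number;
    // Printable ASCII only, so control bytes never reach the response.
    if ($code < 32 || $code > 126) {
        return null;
    }
    // Encode on output because the character is placed into an HTML page.
    return htmlspecialchars(chr($code), ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, including the two payloads quoted in this write-up.
$samples = ['65', '097', '127', '-1', '6 5', 'phpinfo()', 'system($_GET[cmd])', ['65']];
foreach ($samples as $s) {
    $out = convert_hardened($s);
    printf("%-24s => %s\n", json_encode($s), $out === null ? 'rejected' : $out);
}
```

PHP 8 no longer evaluates string arguments to assert() as code. On older versions, setting zend.assertions = -1 in the production php.ini keeps assert() calls from being compiled at all.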