Title: Very Old Website
Description: We have checked whether our very old website contains a vulnerability. Luckily, we were unable to find anything. Can you check, just to be sure?
Flag: Three flags (of different levels)
IG{1-IchBinKeinNetScapeNavigator} IG{2-GoodJobCoconut} IG{3-0PHP0IS0FUN0!}
Hints:
- First flag: Mozilla/5.0
- Second flag: Read the REAL /password.txt
- Third flag: $PS1, $PWD, $UID, $SHELL
Files given: None
How the challenge works:
- Change the user agent to Navigator/ (or a real Netscape user agent string)
- First flag: X-Flag header on /
- Read http://ip/robots.txt
- Fake files: http://ip/password.txt, and http://ip/flag.txt
- Check source of http://ip/admin/
- See possible path vulnerability: ?p=login.php
- Try ?p=../../../../../../password.txt
- Does not work: ".." is replaced with "."
- Retry with ?p=.../.../.../.../.../.../password.txt
- Hurray password!
- Log in using these credentials on http://ip/admin/
- Hurray another flag: <input type="hidden" name="flag">
- Remote Code Execution, send payload phpinfo() using admin panel.
- Refresh http://ip/
- Find third flag.
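
Why the ".." filter in the steps above does not hold, and what a containment check looks like instead. This is an added example, not the challenge's source: the filter is assumed to be a single-pass string replacement, and the function names, directory layout and file contents are constructed.

```php
<?php
// Added example: names, paths and file contents below are constructed.

// Filter modelled on the walkthrough: a single pass that rewrites ".." to ".".
function weak_filter(string $p): string
{
    return str_replace('..', '.', $p);
}

// Hardened lookup: canonicalise first, then require the result to stay
// inside the pages directory. No string rewriting is involved.
function safe_resolve(string $pagesDir, string $p): ?string
{
    $base = realpath($pagesDir);
    $target = realpath($pagesDir . '/' . $p);
    if ($base === false || $target === false) {
        return null; // missing file or unreadable path
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the pages directory
    }
    return is_file($target) ? $target : null;
}

// Constructed layout: <tmp>/root/password.txt and <tmp>/root/admin/login.php
$root = sys_get_temp_dir() . '/vow_demo_' . getmypid();
mkdir($root . '/admin', 0700, true);
file_put_contents($root . '/password.txt', "constructed-secret\n");
file_put_contents($root . '/admin/login.php', "login form\n");
$pages = $root . '/admin';

foreach (['login.php', '../password.txt', '.../password.txt'] as $p) {
    $filtered = weak_filter($p);
    $weakHit = is_file($pages . '/' . $filtered) ? realpath($pages . '/' . $filtered) : 'not found';
    $safeHit = safe_resolve($pages, $p) ?? 'rejected';
    printf("%-18s weak -> %-18s => %s\n", $p, $filtered, $weakHit);
    printf("%-18s safe => %s\n", '', $safeHit);
}

// Clean up the constructed files.
unlink($root . '/admin/login.php');
unlink($root . '/password.txt');
rmdir($root . '/admin');
rmdir($root);
```

The single pass turns "..." back into "..", so the weak path reaches password.txt, while the containment check rejects both traversal inputs. Where the set of pages is small and fixed, an allowlist that maps the p value to a known filename removes the path handling altogether.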
How to deploy:
./docker.sh
How to stop:
docker stop very-old-website
Container is automatically removed!