CTF Micro Storage


CTF Micro Storage from HTB

We only have the IP address and the port, so we have to use netcat to connect.

nc $ip $port

We have 6 options; it’s a script that asks us what we want to do.
This user recommends that we figure out which commands are executed for each option.

Options

1 Upload

We have to enter the name of the file; we can’t escape with >, |, &, ;, } and more.
Then we have to write the text and exit with EOF (End Of File).
Limit of 10 files, I should try to exploit it.

2 List my upload

It’s using ls, maybe.

3 Delete a file

rm

4 Print

It’s a cat or echo.

5 Compress & Download

This one looks more interesting.
On the server:

On my computer:

So they are using the command tar -cf and they encode it in base64.

Exploit

https://gtfobins.github.io/gtfobins/tar/

I can add arguments when I create the file, the title of the file will be the argument.
I’m creating 3 files, 2 for the arguments because it doesn’t like spaces and one for the script.

Then generate it twice.
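
The root cause behind the Exploit section, seen from the service side, as an added example that is not part of the original write-up or the challenge's code: an unquoted glob hands file names to tar as arguments, so a name starting with "-" is parsed as an option. It assumes GNU tar, uses the harmless --exclude option as the stand-in, and all file names and the function names (make_uploads, archive_unsafe, archive_safe, name_ok) are constructed for illustration.

```shell
#!/bin/sh
# Added example; every file name and content below is constructed.

# Throwaway upload directory in which one file NAME looks like a tar option.
make_uploads() {
    dir=$(mktemp -d) || return 1
    printf 'hello\n' > "$dir/notes.txt"
    printf 'data\n'  > "$dir/report.txt"
    printf 'x\n'     > "$dir/--exclude=report.txt"
    printf '%s\n' "$dir"
}

# Weak pattern: the glob expands to bare names, so tar reads the third "file"
# as an option and never archives it (GNU tar also drops report.txt here).
archive_unsafe() {
    ( cd "$1" && LC_ALL=C && export LC_ALL &&
      tar -cf - * 2>/dev/null ) | tar -tf - 2>/dev/null | sort
}

# Hardened pattern: with a "./" prefix no argument can start with "-".
archive_safe() {
    ( cd "$1" && tar -cf - ./* ) | tar -tf - | sort
}

# Upload-side check: allow-list the name instead of block-listing shell
# metacharacters. Accepts only [A-Za-z0-9._] with a leading letter or digit.
name_ok() {
    case $1 in
        ''|[!A-Za-z0-9]*) return 1 ;;
        *[!A-Za-z0-9._]*) return 1 ;;
        *) return 0 ;;
    esac
}

demo() {
    d=$(make_uploads)
    echo "members with bare glob:";  archive_unsafe "$d"
    echo "members with ./ prefix:";  archive_safe "$d"
    rm -rf -- "$d"
}

# Run the comparison only when asked: sh example.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

A block-list of characters such as > | & ; does nothing against this, because a leading "-" is not a shell metacharacter; the name check and the "./" prefix are independent fixes and either one closes the hole.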