D-CTF 2014 :: Exploit 400 :: Paranormal Activity

Posted by and filed under D-CTF 2014.

Disclaimer: this CTF involved a lot of guessing, and please note that other challenges were of far lower quality. Reader beware. To start this challenge, you had to solve Exploitation 300. 300 consisted of googling a public webapp vulnerability. Once you’ve got a shell as the web user, you’ll see e4.hint in the root dir….

D-CTF 2014 :: Bonus 200 :: Final

Posted by and filed under D-CTF 2014.

For this challenge, we were presented with a website made from the ApPHP Microblog CMS. A quick search on Exploit-DB revealed that there was an existing RCE bug. PHP disable_functions seemed to have an extensive list since exec, shell_exec, and system were all disabled. This leaves only a few commands to use. It…