ByteBanditsCTF 2019 WriteUp
CTF page: https://ctftime.org/event/792
Team: NoPwnNoGain
Bash-fu
After connecting, every command you type is somehow converted to uppercase, so nothing works.
After some googling I found the bash syntax that converts a word to lowercase on the command line:
${command,,} - the ,, after the variable name makes bash lowercase the variable's value when it is expanded
So I created a variable holding a command that invokes /bin/bash, expanded it with that syntax, and it worked.
The flag was in the jail folder, together with the source of the jail shell that was converting every command to uppercase.
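To make the mechanism concrete, here is an added example (my code, not part of the original writeup or the challenge's jail) that mimics the jail in Python: it uppercases a submitted line and hands it to bash, returning the exit status and stdout. It assumes a bash 4 or newer binary on PATH, since the ${var,,} expansion does not exist in bash 3 or in plain sh. The sample command lines are constructed for the demonstration.

```python
import subprocess


def run_through_jail(line: str) -> tuple[int, str]:
    """Simulate the writeup's jail: uppercase the line, then let bash run it.

    Returns (exit status, stdout). Assumes bash 4+ is on PATH (assumption:
    ${var,,} is a bash 4 feature and is a syntax error in sh / bash 3).
    """
    jailed = line.upper()  # the jail's only "protection": a case transformation
    result = subprocess.run(["bash", "-c", jailed], capture_output=True, text=True)
    return result.returncode, result.stdout.strip()


if __name__ == "__main__":
    # A plain command becomes ECHO, which does not exist: exit status 127, no output.
    print(run_through_jail("echo hello"))
    # The same text stored in a variable and expanded with ${x,,} is lowercased by
    # bash *after* the jail has uppercased everything, so the real binary runs.
    print(run_through_jail('x="/bin/echo hello"; ${x,,}'))
```

The defender's lesson is that a case mapping is a transformation, not a boundary: the shell still performs parameter expansion on whatever survives the transform, so anything that wants to restrict commands has to work at the level of an allowlisted command set or a restricted shell, not by rewriting the input text.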
Online Previewer 1
The page is a site where you can preview other websites by providing a URL.
Previewing https://www.google.com :
This must be an SSRF challenge. When I checked the page's source there was a hint about the secret service mentioned in the challenge description.
So the goal is to access http://127.0.0.1:1337/. Using that URL as-is didn't work.
I found a payload in the PayloadsAllTheThings repo that worked and used this:
http://localtest.me:1337/
Other domain names that resolve to localhost would also have worked, such as this one from https://nip.io/:
http://customer2-app-127-0-0-1.nip.io:1337
flag:
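The previewer evidently blocked the literal 127.0.0.1 but not names that resolve to it. As an added example (my code, not the challenge's or any real previewer's), the check below decides on the resolved addresses rather than on the hostname string, which is what closes the bypass used above. DNS is replaced by a small constructed lookup table so the code runs offline: the localtest.me and nip.io entries reflect what those services are documented to do, while the www.google.com address is a made-up placeholder, not a real record.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "localtest.me": ["127.0.0.1"],                      # documented to resolve to loopback
    "customer2-app-127-0-0-1.nip.io": ["127.0.0.1"],    # nip.io encodes the IP in the name
    "www.google.com": ["93.184.216.34"],                # placeholder public address, not real
}


def fake_resolve(host: str) -> list[str]:
    """Hypothetical resolver: returns the addresses a name maps to, or raises."""
    if host not in FAKE_DNS:
        raise LookupError(f"no record for {host}")
    return FAKE_DNS[host]


def is_safe_preview_target(url: str, resolve=fake_resolve) -> tuple[bool, str]:
    """Decide whether a previewer may fetch url; returns (allowed, reason).

    The decision is made on the resolved addresses, never on the hostname text,
    so a name pointing at 127.0.0.1 is refused exactly like the literal address.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # lowercased, brackets stripped from IPv6 literals
    if not host:
        return False, "no host in URL"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP: no lookup needed
    except ValueError:
        try:
            addrs = resolve(host)
        except LookupError as exc:
            return False, f"unresolvable host: {exc}"
    for a in addrs:
        ip = ipaddress.ip_address(a)
        # IPv4-mapped IPv6 such as ::ffff:127.0.0.1 is judged as its IPv4 form.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
            return False, f"{host} resolves to non-public address {ip}"
    return True, f"{host} -> {', '.join(addrs)}"


if __name__ == "__main__":
    for candidate in ("http://127.0.0.1:1337/", "http://localtest.me:1337/",
                      "http://customer2-app-127-0-0-1.nip.io:1337",
                      "http://[::ffff:127.0.0.1]:1337/", "https://www.google.com"):
        print(candidate, is_safe_preview_target(candidate))
```

Two caveats a real previewer still has to handle: the fetcher must connect to the address that was vetted (resolve once, pin it) rather than resolving again at connect time, or a rebinding DNS record can pass the check and then point at loopback; and every HTTP redirect has to go through the same check before it is followed.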