ByteBanditsCTF 2019 WriteUp

Michael Ikua
Apr 13, 2019


Bash-fu

After connecting, every command typed is somehow converted to uppercase and so doesn't work.

After googling I found this syntax that converts words to lowercase on the command line.

`${command,,}` - the `,,` in the parameter expansion converts the value of `command` to lowercase

So I created a variable with a command to invoke /bin/bash and it worked.

The flag was in the jail folder, along with the jail shell's code that was converting all commands to uppercase.

Online Previewer 1

The page is a site where you can preview other websites by providing a URL.

Previewing https://www.google.com:

This must be an SSRF challenge. When I checked the page's source there was a hint about the secret service mentioned in the description.

So the goal is to access http://127.0.0.1:1337/. Using that URL as is didn't work.

I found a payload in the PayloadsAllTheThings repo that worked and used this:

http://localtest.me:1337/

Other domain names that resolve to localhost would also have worked, such as this one from https://nip.io/:

http://customer2-app-127-0-0-1.nip.io:1337
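The reason those hostnames get past the previewer is that a check on the literal string `127.0.0.1` never sees what the name resolves to. The following is an added example, not code from the writeup or the challenge, contrasting that naive check with one that resolves the hostname and rejects non-global addresses; `FAKE_DNS` is a constructed stand-in for DNS so it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver table so the example runs offline. A real check would
# call socket.getaddrinfo(); the localtest.me / nip.io entries mirror what
# those public wildcard-DNS services return for these names.
FAKE_DNS = {
    "www.google.com": ["93.184.216.34"],          # constructed public address
    "localtest.me": ["127.0.0.1"],
    "customer2-app-127-0-0-1.nip.io": ["127.0.0.1"],
    "127.0.0.1": ["127.0.0.1"],
    "localhost": ["127.0.0.1"],
}


def naive_blocked(url):
    """The weak check: block only the literal loopback names."""
    host = urlsplit(url).hostname or ""
    return host in ("127.0.0.1", "localhost")


def resolve(host, resolver=FAKE_DNS):
    """Return the addresses a hostname resolves to, or [] if it does not resolve."""
    return resolver.get(host, [])


def hardened_blocked(url, resolver=FAKE_DNS):
    """Resolve the hostname and reject anything that is not globally routable."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return True                      # file://, gopher://, empty host, ...
    addrs = resolve(host, resolver)
    if not addrs:
        return True                      # unresolvable: fail closed
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # is_global is False for loopback, RFC 1918, link-local and reserved ranges
        if not ip.is_global:
            return True
    return False


if __name__ == "__main__":
    for u in ("http://localtest.me:1337/", "http://customer2-app-127-0-0-1.nip.io:1337"):
        print(u, "naive:", naive_blocked(u), "hardened:", hardened_blocked(u))
```

The fetch that follows must connect to the address that was vetted rather than re-resolving the name, otherwise a DNS answer that changes between check and use (rebinding) reopens the same hole.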

flag:

Twitter: ikuamike

Github: ikuamike
