Quals NDH 2018 - Crawl me maybe

CTF URL: https://nuitduhack.com/

Solves: 47 / Points: 100 / Category: Web

Challenge description

A website test if a web page validity. You can provide this page by url only. Find a way to find and get the flag. Challenge description

Challenge resolution

This challenge was pretty straightforward.

The web application only presented the following form: Challenge interface

When a site like www.google.com was provided, the application fetched the HTML page and printed its contents: HTML Result

While manipulating the only parameter sent (url), the following stack trace was returned by the web server: Stack trace

This error page disclosed the actual source code of the aplication as well as the software version: WEBrick version

A quick look for exploits revealed that the application was vulnerable to path traversal attacks: Path traversal

After a little bit of digging, the application also turned out to be vulnerable to OS command injection: OS command injection

From there, we found the flag was located in a subdirectory of the user challenge home folder: Flag location

However, as the strings flag and txt were prohibited, the following error message was returned: Attack detected!

We thus used the find command to search for files in the /home/challenge/src folder that we displayed using the “cat” command: Final payload

And… bingo!

The flag!

Author: Ghostx0 @Ghostx_0

Post date: 2018-04-01