Oopsie
Initial Scan
sudo nmap -T4 -Pn -sV -sC -v 10.129.95.191 -oA Oopsie

Task 1
With what kind of tool can intercept web traffic?

Answer: Proxy
Task 2
What is the path to the directory on the webserver that returns a login page? Answer: /cdn-cgi/login
Task 3
What can be modified in Firefox to get access to the upload page?
Answer: Cookie
Task 4
What is the access ID of the admin user?

Answer: 34322
Task 5
On uploading a file, what directory does that file appear in on the server?

Answer: /uploads/
Task 6
What is the file that contains the password that is shared with the robert user?


Upgrade to a functional shell:
python3 -c 'import pty;pty.spawn("/bin/bash")'



Answer: db.php
Task 7
What executible is run with the option "-group bugtracker" to identify all files owned by the bugtracker group?


Answer: find
Task 8
Regardless of which user starts running the bugtracker executable, what's user privileges will use to run?

Answer: root
Task 9
What SUID stands for?
Answer: Set owner User ID
Task 10
What is the name of the executable being called in an insecure manner?


Answer: cat
Task 11
Submit User Flag

Answer: f2c74ee8db7983851ab2a96a44eb7981
Task 12
Submit Root Flag


Answer: af13b0bee69f8a877c3faf667f7beacf
Last updated