ØxOPOSɆC 2018 Summer Challenge - Mɇɇtuᵽ [Øx6E]
Ricardo Almeida
Pentester
Security Engineer
@
Have a l00k?!?!
Dude…
I can’t see sh*t!!
What we got:
● HTML only website
● No juicy HTML or JS comments
What can we do??
● Let’s go Neanderthal on it and fuzz ALL the things!!!
PEW PEW PEW
Houston we have the sauce code!!
$ wget --mirror http://summerchallenge.apl3b.com/002E95AC03439AF96A79E469AB9B5C872E4A51EE5BEFE23ADEFDE27D148A1ED2F9E90E404859ED34D25836D81268DE9C50E773E4529D434FABA9D9797A1362FD/.git/
$ git reset --hard
HEAD is now at f2c9fd9 Update 8JUCv3fZ44.html
$ curl http://summerchallenge.apl3b.com/002E95AC03439AF96A79E469AB9B5C872E4A51EE5BEFE23ADEFDE27D148A1ED2F9E90E404859ED34D25836D81268DE9C50E773E4529D434FABA9D9797A1362FD/8JUCv3fZ44.html
Lost In Translation
Dafuq am I reading???
What we got:
● Weird looking language or code. Is it a programming language?
What can we do??
● Let’s Google-Fu it!
Google:
“weird programming language”
Wait… Brain… WAT?
Crack me if you can!
What we got:
● Random binary that needs cracking
But what can we do?....
The Good
The Bad
The Ugly
We love Web 2.0
What we got:
● Very old WordPress instance.
What can we do??
● WPScan FTW!...
● Or… Let’s just go Neanderthal on the login form, use a dictionary attack and hope we...
SQL Injection FTW
Backdooring WordPress 101
Now what?...
Explorer
What we got:
● Web Shell on the WordPress instance.
● MySQL Credentials.
What can we do??
● What other services is the server running?
● Are the MySQL credentials reused, and do they work on more services?
Thinking outside the box
Climbing to the Moon
What we got:
● SSH access to the box.
● Low privilege non root shell.
What can we do??
● Google for Privilege Escalation Techniques and Tools and not just Exploits.
● Enumerate ALL the things.
Old School EoP - SETUID Files
Old School EoP
That's it! ¯_(ツ)_/¯
https://www.linkedin.com/in/ricardojbalmeida
https://github.com/ricardojba
ricardojba1@gmail.com
ricardojba@protonmail.com
Thank you.

Lets play a game - 0xOPOsec 2018 Summer CTF