180010027
/
CSICTF-Writeups
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added Linux Challenges

This commit is contained in:
rishitsaiya 2020-07-31 18:23:02 +05:30
parent 3c743dd8fd
commit 783e212ca7
12 changed files with 157 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Linux/AKA/Flag.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.1 KiB

20
Linux/AKA/README.md Normal file
View File

@ -0,0 +1,20 @@
## AKA
The main idea finding the flag is using `base64` command.
#### Step-1:
When we run `nc chall.csivit.com 30611`, we are pwned into a shell. I tried some basic commands like
`ls` to find flag, but it is blocked.
<img src="ls.png">
#### Step-2:
So I tried `base64 flag.txt | base64 -d`, and luckily worked.
<img src="Flag.png">
Voila! We have our flag.
#### Step-2:
Finally the flag becomes:
`csictf{1_4m_cl4rk3_k3nt}`

BIN
Linux/AKA/ls.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
Linux/HTB 0x1/Flag.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

29
Linux/HTB 0x1/README.md Normal file
View File

@ -0,0 +1,29 @@
## HTB 0x1
The main idea finding the flag is anonymous FTP bypass.
#### Step-1:
The idea is similar to getting root access of a machine. So I started with basic `nmap 34.93.37.238` scan on the server. But unfortunately, not much.
#### Step-2:
So I random access on FTP server through the given IP address by `ftp -p 34.93.37.238 5001`.
Voila! I was in!
No idea of credentials though.
#### Step-3:
So I just tried to access the FTP page through URL: ftp://34.93.37.238:5001/
It directly showed this webpage.
<img src="Web1.png">
#### Step-4:
Next it was just navigating through to get the flag.
<img src="Flag.png">
#### Step-5:
Finally the flag becomes:
`csictf{4n0nym0u5_ftp_l0g1n}`

BIN
Linux/HTB 0x1/Web1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

1
Linux/HTB 0x1/flag.txt Normal file
View File

@ -0,0 +1 @@
csictf{4n0nym0u5_ftp_l0g1n}

11
Linux/Where am I/README.md Normal file
View File

@ -0,0 +1,11 @@
## Where am I
The main idea finding the flag is anonymous FTP bypass.
#### Step-1:
I had to follow this because following `id_rsa` is not helping me bypass to root.
https://noob-atbash.github.io/writeups/csictf-20/linux/linux#whereami
#### Step-5:
Finally the flag becomes:
`csictf{n1c3_d093_w0w_5uch_55h}`

BIN
Linux/find32/Flag.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.4 KiB

96
Linux/find32/README.md Normal file
View File

@ -0,0 +1,96 @@
## find32
The main idea finding the flag is using basic Linux commands.
#### Step-1:
When we run `ssh user1@chall.csivit.com -p 30630` and password as `find32`, we are pwned into a shell.
A simple `ls` command gives us many files which are random.
```
02KG7GI3 66SLWGGM AZF6YNNW HI1HXC9E LP29J6MU PM7NRHP0 VCSYBT6V
02M95EZJ 6IGISUOK BAL0FX4Y HJ7SLXWJ LQWDHMT1 PMWQY71J VFFKFKFP
041Q5VQ6 6IS45I48 BDMSPZFU HKX85U5A LR9H9RJ4 PN7VNWMY VL8QUY6U
0K8HTQUI 6JFHFM48 BDYM2DL3 HL9OQ59W LS1E6E8N PRIT98R2 VOAZ2FLA
0L51GUQ6 6JJ8M6EQ BH13PMF2 HTFON23U M0ODDGTQ PUKTT71A VQHX8Y2S
0POE7NLS 6KPKMW7F BP1QOD2S HW9ZGUI0 M2D9A9GW PX7XX8MV VS2QLP5T
0XC8TJL6 6NZ8YTHN BRKQC7KI HWR8ILW8 M2W3FH21 PXR9X9H1 VS5RKUTC
10KS7XSL 6O893R7P BT4Q0KSC I0GJ1ZT2 M40WA6L0 Q3VV2P04 VU7UXE91
17HSIYXQ 6TQAQ9JL BUIYBJW6 I0HK3F0Q M45WG887 QBZ2NYYY VUU3IP28
1DB6A3RZ 6Y96J42D BW90182E I3QH2SGS M4PSP87C QDDZKQBI VWXNPY8W
1EBY9SNN 71PCO4II BZE1NCWY I7BE5SNQ M50MK22L QDZM9GU3 VYXH92ZI
1TE2UPR9 74EIPRM5 C1KDRW2G I7BYYSUH M6MO9M1W QON3WELD W569XUGK
1VQPZIUO 784MLE5E C5L2LOAA IHGA1LHQ M8XE7P73 QV763DK6 W56UYZUK
1W6RAWEU 79VJFIU5 C75ZYB8Q INUIDPFZ MAC4PGYS QXKDIR8P W7N3EQ8A
21X763CW 7EA2V52Y C7LAWJCM ISW6FLPB MDZE1NQC QYBFIDQA W8XHJP69
24CHFLCM 7IKIFVQC C9EN38OZ IUKF08Y4 MIN0CJNB QYKLAVOR WFLCEXOU
24UQMOA7 7JKVQ1V4 CB7VL2AM IW0M1T97 MITS1KT3 QZBKI0LI WHYUOJS2
2FFS4207 7K2HS4Y8 CR8AY5W7 IXLBEBRX MLNCZNJH R3O1QJRE WO7DKKIR
2L9WVOQA 7O0E74NI CVDGAH14 IYLAWPCR MLRX5NHC R513RF7X WQYZVZ02
2MMNROKS 7QQAKH41 CYNFLG1O IYT9TNZ3 MT0ZF01M R75LDKZA WW5L7JNK
2X82259Q 7UB67288 D01U0OA5 J634H910 MVYJ08ZU RHZ4QIGE WXW4GEDU
31H6U39X 7UYWYDBZ DC953402 J9K0N1G3 MWE4SJWL RSA9B4XA X1SVRUTM
32DJSRCD 80TD6MQ1 DHI6XKWG JBNLA5LS N56AGDMY RXHHGT3D X23268R9
36VMK9BG 82R7NE45 DQZAE7MY JCUBGZ0L N8O0W1UR RYRXFTD0 X44EBTIV
3B2F652L 84XR0NUK DVRULQ4L JD8K3921 N9ZX32OP S3CQF12S X4O9C3E9
3C71HLAH 89JKXHMI E2DCKTAW JDVT05Q1 NDR9IE07 S50ORS2M X70F203P
3CWSG1VM 8AYM8OQ9 E2WWNK1U JL8V5YGI NGT5TVLI S9796BM8 XA6HG1VW
3E7ZTAVL 8BHHDOCA E3VMO1UV JM035B27 NJJ4FIMD SA13FEFE XAGJI6C3
3FSO4YLX 8DCJBGN8 EBGAB2T7 JMXU733Y NMMNMEDT SGCS15D7 XBJ59Z81
3MPI6ZGG 8O23G30S EDL1IX5Y JNTGVLSL NNGY3F51 SSNMEO7G XESS84R7
3NI0KD8T 8Q8IDTC7 EJKM4P8J JQJIA3QC NQ3BFZKH ST1FTYFZ XM6M6XV3
3O7SZPP5 8SQP2JFV EMAPY1SV JSWT0A61 NTIJFZDS STYTHKQE XVXM67UN
3SF18NHO 90ORMN66 EMOTUDML JW5DHBI2 NWAG08DF SWD8ZKVQ XZ5KZZPR
3WJNQHOI 931P2T2C EPIGX1NO JYP14B13 NXH2E4FB SXRZ25DU Y0WAA0QK
3Y6ULSYJ 95NBR36B EUXTE3IX K5HIYP7U O08K936H T0ST0WFT Y2F5YYPT
40HE4X61 99KWRIDG EXVHNHYF K7H88QI2 O20W8JF2 T5D06H6O Y41T1L0P
41W0HO2L 9EO10QRH EYN874N3 K80WPMFB O8C1K8CS THW3C7CC YB6CGUEN
4DXWEUAK 9KHTQSOG F4K726ZE K8670JAD OA9OWQNN TIE17JV7 YGAD81HL
4E5VZT6C 9KQEWTD4 F5FFWSP3 KDT49C2O OAVKKSIU TNGM39LQ YI5ISTTI
4FMGJMPX 9KVDBM8O F9T58X71 KJ26BDR0 OB0TZRYT TNNLXAMK YI9VPU71
4LMTFZCM 9LNZ0ETP FH0FGQU9 KOIIQDDB OHGWT0IT TOD5ZOWV YJ4H3LH9
4LYTO0ZG 9MP89P4E FI9WZ1NI KQFVQJ3J OI290XGJ TP72DLYC YJPL7KY5
4NE1DLAV 9QNUXM4L FJATAT6I KRNKFQTK OJTT5YOZ TQYI4JH2 YLTYQ7PT
4O0KVR5P 9R6FWLZQ FMZXZWMD KRTDDSYK OLHQ2XMI TY2N5W2V YZOFT123
4UOCNFI8 9SMDHC89 FOGK2TD9 KTE9QN31 OM4BZRJ6 TZ4TM4KC Z8TPG2SQ
4VTQDZXG 9TM8NR4D FPLW13DY KUNZ9OP2 OO08I86R U1HE6HJU ZE0LYP1J
526KAB1Q 9UGJX4Z2 FUF4GEJ2 L25P2X6S OPTKWTEN U1Z144SU ZIIFJZRE
5669QKVZ 9X0BSFFX G18VV3XH L6RJI5MH OTQLM9FR U4CT6S3M ZKOYMDBL
5714I59N 9YN7B5TM G20VWPOJ L97LN1SA OVB0C2DD U9KXZUZT ZOM1L6RA
5D8MSKXV A202VRDJ G4DRQMVC L9HIBPO9 OXNCWNKP UFF3VJES ZUIZ3BRS
5DNAUH8Z A8DWWULS GBIA0FJJ L9NCYUOA P7U25CJI UFRWO7LV ZXWG1CJB
5DY1KZDZ A9ARPBTE GCCH7GUL LA28D194 P7ZSATBS UI3CYXEH ZYSF9F0A
5E0OD9MJ AK1L1RB0 GGK14ZEP LB4B6X6P P8H2QJZE UK268DBR
5FOOLY10 AK6PZX3H GN72VYNY LDMDGEL4 PBMIEOJ1 UMVACDSG
5HQTP051 AL2HOE1I GVAUVIPU LF6NHZRK PF2KOY3A UOKCOUPN
5OWRFEZT ATP6Z1LV GVTHMJMC LIVI4VP2 PJU5YNCE USP8NX9I
5S7QF3H6 AYHI7FZG H782K0GF LKLQLQ8B PKEIXGTL UTNI6PSD
5ZCQW7TK AZBQ6DI4 H7PWE6D1 LKUM0ZLZ PLE8FFL4 V8A4PPEG
```
#### Step-2:
So I tried `grep -R {`, to search for possible flags throughout.
<img src="grep1.png">
#### Step-3:
Well, I was greeted with a false flag & new user credentials, so I ssh'ed with that next time.
`ssh user2@chall.csivit.com -p 30630` and password as `AAE976A5232713355D58584CFE5A5`. This weird ass number beside User2 name.
Luckily I was in.
#### Step-4:
This time I tried `ls` and actually find very less files.
<img src="ls.png">
#### Step-5:
So I immediately tried `grep -R _` and got it.
<img src="Flag.png">
#### Step-3:
Finally the flag becomes:
`csictf{th15_15_unu5u41}`

BIN
Linux/find32/grep1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 555 KiB

BIN
Linux/find32/ls.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.6 KiB