Last weekend, I was at the Nuit du Hack, which is a security event near Disneyland Paris mixing conferences, workshops, and much more, including some wargames and a CTF.
This article is about the “choucroute” challenge on the public CTF. Even though no team managed to solve it in due time, I still worked after the deadline was over and solved it the next day (actually, a few hours of sleep later).
The entry point of the challenge was a webpage where you could basically buy some sauerkraut online, using a coupon if you have one. The flag was supposed to appear after the payment processing, but unfortunately, this very service seemed to be on strike, leaving us with nothing to eat and no flag to score.
As with many web challenges, you start by looking for the usual vulnerabilities: SQL injection, upload forms and so on. Soon, you will figure out that an old version of the index.php file is available at the address /index.php~.
The index.php~ file, together with the exploit described in this article, is available for download.
More here: http://www.rogdham.net/2014/06/30/ndh2k14-choucroute-ctf-write-up.en
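A file such as index.php~ leaks source because web servers usually pick the PHP handler by file extension, so the editor's backup copy is served as plain text. The following docroot audit is an added example, not code from the original write-up; the pattern and extension lists are assumptions to adapt to your own stack.

```python
import os
import re

# Leftover-copy naming schemes (assumed list for this example; extend as needed).
LEFTOVER_PATTERNS = [
    re.compile(r"^(?P<orig>.+)~$"),                      # editor backup: index.php~
    re.compile(r"^(?P<orig>.+)\.(bak|old|orig|save)$"),  # manual copy: index.php.bak
    re.compile(r"^\.(?P<orig>.+)\.sw[a-p]$"),            # vim swap: .index.php.swp
    re.compile(r"^#(?P<orig>.+)#$"),                     # emacs autosave: #index.php#
]
# Extensions whose source should never be served as plain text (assumed list).
SCRIPT_EXTS = {".php", ".phtml", ".inc", ".py", ".rb", ".pl", ".jsp", ".asp", ".aspx"}


def classify(filename):
    """Return the script name a leftover copy derives from, or None."""
    for pattern in LEFTOVER_PATTERNS:
        match = pattern.match(filename)
        if match and os.path.splitext(match.group("orig"))[1].lower() in SCRIPT_EXTS:
            return match.group("orig")
    return None


def audit_docroot(docroot):
    """Walk docroot and list leftover script copies with the URL path that exposes them."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            original = classify(name)
            if original is None:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            findings.append({
                "url_path": "/" + rel.replace(os.sep, "/"),
                "original": original,
                # True when the live script still sits next to its stale copy
                "live_exists": os.path.exists(os.path.join(dirpath, original)),
            })
    return sorted(findings, key=lambda f: f["url_path"])


if __name__ == "__main__":
    import sys
    for finding in audit_docroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it against the deployed document root, for instance as a deployment check that fails when the list is not empty.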
