root💀senseicat:~#

Hack. Eat. Sleep. Repeat!!!

---

Project maintained by SENSEiXENUS Hosted on GitHub Pages — Theme by mattgraham

---

CTF: HTB CAMEROON meetup

---

---

CHALLENGES-:

• WEB
  • Sequel
  • Iphoto
  • Render Quest

---

SEQUEL

---

• The login page is vulnerable to blind sql injection.I was able to bypass the authentiation process but I was unable to get the flag.

• Then,I tried to exfiltrate data with Ghauri and got the flag.Ghauri is an sql injection exploitation tool.

• Flag-:htbmeetupcmr{5QL_1nj3c710n_M45t3ry}

---

Iphoto

---

---

• The site has a file upload functionality and it was created with php.We can try to upload a shell annd gain remote code execution.

• I tried to upload a regular php file and it got flagged immediately.

• Then,I tried other php extensions which worked.Phtml bypassed the filters.

• RCE gained

• Shell gained

PRIVESC with nmap

• I discovered a password for user in home directory.

• I tried to login to ctfuser and it worked.

• I ran sudo -l and I discovered that I can run nmap as root.

• I got a walkthrough to escalate privileges from gtfobins.

• Root

• I got the flag in /var/www/html/.flag.txt

• Flag-:htbmeetupcmr{Upl04d_R357r1ct10n_Byp455}

---

Render Quest

---

---

• The email is vulnerable to server side template injection. I tried payload `` and got 49.

• RCE gained,The value below is the result of command ls.

• Flag-:htbmeetupcmr{Sup3r_S3rv3r_T3mpl4t3_1nj3ct}

Final payload-: ``

---

THANKS FOR READING

---