Thailand Cyber Top Talent 2022 – CTF THAILAND
Writeup!! Web-challenge03

1st step : Survey the target website and work out where the flag might be.
The page content shows only text.

2nd step : Try index.html and index.php, and use dirb to look for more hidden directories.

3rd step : index.php has a “secret” parameter. OK!! Let's FUZZ it with FFUF
and test with the results.

4th step : Use commix for command injection and use os_shell to find the flag.
Found : SSsecretSS directory (interesting)

Final : Check the SSsecretSS directory (the web server is configured with directory listing); found FlagSecret.txt.

flag : tctt2022{Vuln_C0mM@nd_!inj3ti0n}
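
Seen from the defender's side, the steps above leave a recognizable trail in the web server's access log: a burst of 404s from directory brute-forcing, shell metacharacters in the "secret" parameter, and a 200 on a directory path. The detector below is an added example, not part of the original writeup or the challenge's code; the log lines, IP addresses and the 404 threshold are constructed, and it assumes common/combined log format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; addresses and payloads are made up.
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Oct/2022:10:00:01 +0700] "GET /index.php HTTP/1.1" 200 120
198.51.100.7 - - [01/Oct/2022:10:00:02 +0700] "GET /admin/ HTTP/1.1" 404 196
198.51.100.7 - - [01/Oct/2022:10:00:02 +0700] "GET /backup/ HTTP/1.1" 404 196
198.51.100.7 - - [01/Oct/2022:10:00:03 +0700] "GET /test/ HTTP/1.1" 404 196
198.51.100.7 - - [01/Oct/2022:10:00:09 +0700] "GET /index.php?secret=hello HTTP/1.1" 200 130
198.51.100.7 - - [01/Oct/2022:10:00:15 +0700] "GET /index.php?secret=x%3Bls HTTP/1.1" 200 410
198.51.100.7 - - [01/Oct/2022:10:00:20 +0700] "GET /SSsecretSS/ HTTP/1.1" 200 512
203.0.113.4 - - [01/Oct/2022:10:01:00 +0700] "GET /index.php?secret=report+2022 HTTP/1.1" 200 130
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
SHELL_META = re.compile(r'[;&|`$<>\r\n]')  # characters a shell treats as control syntax

def analyze(log_text, param="secret", not_found_threshold=3):
    """Return findings: injection attempts, enumeration sources, served directories."""
    not_found = Counter()
    findings = {"injection": [], "enumeration": [], "directory_served": []}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if status == 404:
            not_found[ip] += 1
        # parse_qs percent-decodes values, so encoded metacharacters are seen too
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if SHELL_META.search(value):
                findings["injection"].append((ip, value))
        # Heuristic: a 200 on a non-root directory path may be an auto-generated listing
        if status == 200 and url.path.endswith("/") and url.path != "/":
            findings["directory_served"].append((ip, url.path))
    findings["enumeration"] = sorted(ip for ip, n in not_found.items() if n >= not_found_threshold)
    return findings

if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```

The directory check is only a hint to review: the real fix is to disable directory listing on the server and to stop passing the "secret" value to a shell.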