Thailand Cyber Top Talent 2022 – CTF THAILAND
Writeup!! Web-challenge03
Step 1: Survey the target website and work out where the flag might be.
The page content shows only text.
Step 2: Try index.html and index.php, then use dirb to look for more hidden directories.
Step 3: index.php has a "secret" parameter. OK, let's fuzz it with ffuf
and test with the results.
Step 4: Use commix for command injection, and use os_shell to find the flag.
Found: the SSsecretSS directory (interesting).
Final: Check the SSsecretSS directory (the web server config allows directory listing) and find FlagSecret.txt.
Flag: tctt2022{Vuln_C0mM@nd_!inj3ti0n}
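From the defender's side, the steps above leave two traces in the web server access log: a burst of 404s from directory brute forcing, and shell metacharacters in the "secret" parameter of index.php. The following is an added example, not part of the original writeup; the log lines are constructed, and the combined log format, the 404 threshold and the names `analyse` and `SAMPLE_LOG` are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log (not taken from the challenge server).
SAMPLE_LOG = """\
198.51.100.20 - - [01/Oct/2022:10:00:00 +0700] "GET /index.php?secret=hello HTTP/1.1" 200 120
203.0.113.7 - - [01/Oct/2022:10:00:01 +0700] "GET /admin/ HTTP/1.1" 404 196
203.0.113.7 - - [01/Oct/2022:10:00:01 +0700] "GET /backup/ HTTP/1.1" 404 196
203.0.113.7 - - [01/Oct/2022:10:00:02 +0700] "GET /test/ HTTP/1.1" 404 196
203.0.113.7 - - [01/Oct/2022:10:00:09 +0700] "GET /index.php?secret=test%3Bid HTTP/1.1" 200 150
203.0.113.7 - - [01/Oct/2022:10:00:10 +0700] "GET /index.php?secret=test%253Bls HTTP/1.1" 200 150
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Characters that let a value break out of a shell command line.
SHELL_META = re.compile(r'[;|&`$(){}<>\n]')
PARAM = "secret"            # parameter named in the writeup
NOT_FOUND_THRESHOLD = 3     # assumed value; tune to the site's normal 404 rate


def analyse(log_text):
    """Return (injection attempts, IPs that look like directory scanners)."""
    injections = []
    not_found = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        if status == "404":
            not_found[ip] += 1
        query = urlsplit(target).query
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            # parse_qs decodes once; decode again to catch double encoding.
            decoded = unquote(value)
            if SHELL_META.search(decoded):
                injections.append((ip, decoded))
    scanners = sorted(ip for ip, n in not_found.items() if n >= NOT_FOUND_THRESHOLD)
    return injections, scanners


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```
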