Skip to main content
Hashnodekurtntettle's blog

Command Palette

Search for a command to run...

NS2 | Network Security Series

network 𖧹 150pts

Published
•1 min read
S
Shaikh Shafeen
Building solutions of my daily life problems with code.
Part of seriesCyber Skills Bootcamp Competition | BUBT

Problem Statement

We need to identify if there were potential vulnerabilities exploited. 
What's the name of the malicious web shell uploaded?

Flag Format: BUBT{..*}

network_artifacts.pcapng

Prerequisites

  • Wireshark (basic use of filters, following HTTP/TCP streams, viewing responses)

Solution

After reading the statement, I realized that something was uploaded. Files are usually uploaded using the POST method, so I decided to filter the packets by this method.

filtering packets by POST method

Now, I can see that two files were uploaded using the /upload endpoint. So, I started analyzing each response to get more details.

The attacker was unable to upload the reverse shell because the website filters file formats, which is a basic protection mechanism.

But on the second attempt he managed to trick the protection mechanism!

He included a .jpg extension :D (a good reminder of why you should rigorously test your written functions :3)

Credits

  • Hashnode - for the amazing platform

  • BUBT - for the workshop

#wireshark#ctf#ctf-writeup#bubt#bootcamp
4 views

Comments

Join the discussion

No comments yet. Be the first to comment.

Cyber Skills Bootcamp Competition | BUBT

Part 2 of 9

A beginner-friendly walkthrough of the challenges given in the contest.

Up next

NS3 | Network Security Series

network 𖧹 150pts

More from this blog

kurtntettle's blog

22 posts

Just a developer solving random problems and documenting here.