kurtntettle's blog

kurtntettle's blog

NS3 | Network Security Series

network 𖧹 150pts

PublishedNovember 24, 2024

•1 min read

Building solutions of my daily life problems with code.

Part of seriesCyber Skills Bootcamp Competition | BUBT

Problem Statement

Knowing the directory where files uploaded are stored is important 
for reinforcing defenses against unauthorized access. 
Which directory is used by the website to store the uploaded files?

Flag Format: BUBT{///}

network_artifacts.pcapng

Prerequisites

Wireshark (basic use of filters, following HTTP/TCP streams, viewing responses)

Solution

From the previous problem NS2, I you notice you will see that the attacker is trying different paths (/admin/uploads, /uploads, /admin/, /reviews/uploads/)

I manually checked the responses for each path he tried and found a valid path that listed the file he uploaded.

Credits

Hashnode - for the amazing platform
BUBT - for the workshop

#bubt #ctf-writeup #ctf #wireshark

2 views

Comments

Join the discussion

No comments yet. Be the first to comment.

Cyber Skills Bootcamp Competition | BUBT

Part 3 of 9

A beginner-friendly walkthrough of the challenges given in the contest.

NS4 | Network Security Series

network 𖧹 75pts

More from this blog

BlissOSx86 Kernel: Manual Build & Install Guide

I wanted to run a more recent version of LSPosed, but I hit a wall: ZygiskNext (a mandatory dependency) refused to install. The culprit was the outdated version of KernelSU included in the build. So I

May 8, 20267 min read203

Cross Site Scripting (XSS) | Task 4

web 𖧹 ??pts

Aug 9, 20251 min read17

Shell Upload | Task 6

web 𖧹 ??pts

Aug 9, 20252 min read11

Parameter Tampering | Task 5

web 𖧹 ??pts

Aug 9, 20251 min read12

SQL Injection | Task 2

web 𖧹 ??pts

Aug 9, 20252 min read14

kurtntettle's blog

22 posts

Just a developer solving random problems and documenting here.