Tuesday, April 10, 2018

SunshineCTF - Evaluation Writeup

by Guilherme "k33r0k" Assmann

SunshineCtf - Evaluation Writeup

"Evaluation Evaluate your life. How are you doing, and are you doing the best you can possibly do? Look deeper within yourself, beyond the obvious. Look at the source of it all. Also, here's a PHP challenge."

It was given us the following code:

It’s noticeable that the eval was vulnerable. It’s very simple to get the shell, we can simply add a system() call to the request to get it included in the eval:

To get the shell I ran the following command to include the system() call: $ curl -d 'hello=system("cat flag.php")' -v "http://evaluation.web1.sunshinectf.org/"

Capture the Flag , Writeup , Web