From 452ba0102dcc2674fa1323143c4849c628c7603d Mon Sep 17 00:00:00 2001 From: dusoleil Date: Thu, 5 Aug 2021 02:19:42 -0400 Subject: Dusoleil's Writeups from Metasploit Community CTF 2020 Signed-off-by: dusoleil --- docs/writeups/Metasploit_Community_CTF_2020/photos.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 docs/writeups/Metasploit_Community_CTF_2020/photos.txt (limited to 'docs/writeups/Metasploit_Community_CTF_2020/photos.txt') diff --git a/docs/writeups/Metasploit_Community_CTF_2020/photos.txt b/docs/writeups/Metasploit_Community_CTF_2020/photos.txt new file mode 100644 index 0000000..2504fb5 --- /dev/null +++ b/docs/writeups/Metasploit_Community_CTF_2020/photos.txt @@ -0,0 +1,10 @@ +PORT 6868 + +A web server with simple file hosting (disabled for new users). +By exploring the site, you quickly realize that there is a structure to where the photos are retrieved from. Each users' photos are under a subdirectory with their initials. + +If we try to create a new user, it uses our initials to create a subdirectory with notes (and single note about how we can't upload anything). This, of course, means we can check the notes of other users if we know their initials (which we do because of the public photos on the main page). + +Looking through these notes, we learn about another user who is an admin, or security person or something. We can figure out her initials from these notes. One interesting piece is that she is the only user with a multiple word middle name. If we try to create a user with a multiple word middle name, the first letter of each word is used in our unique id. So we need to use the first letters from every word in her name to look at her files. + +The flag is just one of the public photos she has under her id. -- cgit v1.2.3
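Review bot: The paragraph beginning "If we try to create a new user" in the added photos.txt says other users' notes can be read once their initials are known, but it never states the root cause. Consider adding one sentence that names it: the notes subdirectory is keyed on an identifier derived from the user's name and, as described, is readable by anyone who can work that identifier out. That lets a reader map the finding to the fix (an ownership check on the notes path, and ids that are not derivable from public data). The second paragraph mentions "a structure to where the photos are retrieved from" without showing it; an example of the path layout with placeholder initials would make that concrete. Wording in the same hunk: "Each users' photos" should be "Each user's photos", "(and single note" is missing "a", and "an admin, or security person or something" could say what the notes actually state about her role.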