CTF Range-110 - HackMD

# CTF Range-110 ## Challenge 110 ## Challenge 111 ## Challenge 112 ![image](https://hackmd.io/_uploads/SJMY-mTFxe.png) * Nmap * ![image](https://hackmd.io/_uploads/Byzv7XaYex.png) * The bookstore website, and found a admin login page, has week credential `admin/admin` * ![image](https://hackmd.io/_uploads/ryD6X7pFlg.png) * ![image](https://hackmd.io/_uploads/BJReEm6Kel.png) * ![image](https://hackmd.io/_uploads/r1UWE7Ttee.png) * Successful add new book and upload the info php * ![image](https://hackmd.io/_uploads/HyHEUm6Klg.png) * ![image](https://hackmd.io/_uploads/B1NBIQatgl.png) * Upload webshell and got shell as `cyberq_user` * ![image](https://hackmd.io/_uploads/SJFevXTFel.png) * Using `john` cracked the password * ![image](https://hackmd.io/_uploads/ryhiDQ6Yle.png) * ![image](https://hackmd.io/_uploads/BJr3PXpFel.png) * `cyberq_user:smile` * Wired variable path * ![image](https://hackmd.io/_uploads/r14XT46tle.png) * Pwnkit * ![image](https://hackmd.io/_uploads/ryrIPXy9ee.png) ## Answer * Challenge 110:`4.4.0-116` * Challenge 111:`2cbe65d4` * Challenge 112 :`d61e0a87`