Description This is an official writeup for the challenge "winkey" which was the finals challenge for the UrchinSec DTS Finals CTF. The challenge was to perform a blackbox pentest, and get the highest privileges but also patch any available vulnerability/misconfigration/bug/flaw that might lead to another malicious actor gaining access! This box was authored/created by tahaafarooq Challenge Summary The box had 2 ports accessible, SSH and Nginx. Provided with hostname winkey.urc nginx has 2 virtual hosts which are api.winkey.urc and archive.winkey.urc. The API is vulnerable to command injection vulnerability. Where after exploiting it the attacker will find that the binary sed has SUID bit and there is a cron-job running which splits the path to root in two! By either using sed to write into shadows/passwd or monitoring processes and exploiting a race condition binary. Enumeration First begin by running an nmap scan:

Team Members Tahaa Farooq - @tahaafarooq Erick Alex - @AlienKeric Mercy John - @daemon Paul Kapufi - @KapufiPaul Nicholaus Nyarwango - @nicl4ssic Final Scoreboard Screenshot from 2024-06-29 15-55-40

image We are provided with the deetails of the challenges as seen above and our target is the IP 45.79.66.97 which is running the domain billsys.urc. Our task is to get the highest privilege on this target. Enumeration Network Enumeration I first start off by scanning for open ports that are available on this target using the command: nmap -sC -sV -sT 45.79.66.97 -oN nmap-scan Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 21:11 EAT

Hello everybody here is our writeup on how we tackled and solved some of the challenges from picoCTF 2024 competition. Screenshot 2024-03-13 at 13-47-02 picoCTF - Event WEB BookMarklet (50 Points) Description image Solution

First of all the semi-finals was kinda off, I am pretty sure the participants hated this semi-finals. Since for this challenge they are provided with a file which is encrypted and they are required to decrypt it and fetch the flag :) Now back to it! The description is as follows: DESCRIPTION Can you decrypt the secret that is hidden within this file! it's said there are two types of encryptions used! starting with XOR where we identified the key starts with "urchinsec" then "@" but we do not know the variation of the year that follows! Then we couldn't understand the type of encryption used, but it's said there is a seed , the seed was found to be : "1668176228" There were also two hints provided and these were, HINT 1