Posts

Showing posts from January, 2022

Bugv CTF Writeup - Pwning Thawang Shield

Image
The CTF is designed to pwn an imaginary organization Thawang Shield Security. The only information given to us is their domain - thawang.live Starting with the domain thawang.live, usual recon - directory bruteforcing, port scanning,  subdomain enumeration, etc. was done. It didn't give much information to proceed ahead so I started some OSINT on the org. Looking at the "Teams" section of the website thawang.live, we can find three users. Flag #1 Checking the Facebook profile of Ojasini Shrees, a picture was found which we downloaded, checked its strings and the first flag was obtained. bugv_ctf{MjVFRXNDNWJWeVBBRW} Flag #2 After obtaining flag #1, there's also a link to the discord server https://discord.gg/JwXD7g2f5a. The discord server has a bot that is vulnerable to simple SQL injection. Using the payload $get 1'or 1=1-- as an input for the bot, the flag is returned. bugv_ctf{M0Tlo1MkNBcWRwR1ND} Flag #3 While checking Github of Dexa Singh, a repo "for inte...