Challenge Context
The Wiz, Iβve got a special task that requires every bit of your brain power. I need you to infiltrate the CVSS Bonsecours Crew Members Hub and create your own crew account. This act will play a key part in the success of the heist.
To help you out, we managed to get our hands on a pentest report that assessed the hub. The pentest was done by a third-party firm named Sharkz4Hire β what kind of name is that? Would you believe they also call their employees Sharksterz?
Anyway, further intel indicates the so-called Sharksterz are known to be terrible at their job (yeah, shocking). Iβm convinced that by combining their pentest results with your own findings, you will find a way.
Best of success.
Pentest report: PenTest-Report.pdf
Resources:
- Pentest report: PenTest-Report.pdf //
https://dl.nsec/pentest-report.pdf- Refer to the post βWelcome to the CTF!β for
shell.ctfinformation.
Solution Walkthrough
Review the Pentest Report
Examine the provided pentest report for any hints about vulnerabilities or misconfigurations in the Crew Members Hub.
Access the Crew Members Hub
Use the information from the report to attempt account creation or exploitation.
Shell Access
Once you gain access, attach to the shell and enumerate the system:
sh 2 lines
ls / cat /flag.txtCapture the Flag
After successful exploitation, retrieve the flag from
/flag.txt.
Obtained Flag
Click to reveal the final flag
flag 1 lines
FLAG-32bea04a80620ee8ae1697a74c487155e5ea4806