Level 15

Url: http://ctf.infosecinstitute.com/levelfifteen/index.php
Description: DNS Lookup
Bounty: $150

This challenge is command line injection (you must know linux command line), when you input address for example in the fill form, you will get output


Look the ; lines, ‘;‘ indicates you can input 2 command in a times explain by the source code below

DNS Lookup

"; $cmd = ($_POST['dig']); system("dig mx " . $cmd ); echo "

"; die; } ?>

let’s try it ‘; ls -a’ (without qoute) or you can just use “;Unix/linux comand line” in the DNS Lookup form.

You can use Repeater in burpsuite without using the browser.

level15 burp


there is a .hey file, lets look what is it, it is a ascii files, open in a browser using the link http://ctf.infosecinstitute.com/levelfifteen/.hey it contain


I can’t find the flag in this challenge.

I’m clueless with this challenge, and then there’s a bit cheating in this, I accidentally found this solution in one of the ctf n00bs write-up, that string above is ATOM-128 Encoding. So using online decoding tools, you found the flag.

The flag is: infosec_flagis_rceatomized

Reference and Tools:
1. BurpSuite – http://portswigger.net/burp/
2. Command Execution – http://resources.infosecinstitute.com/command-execution/
3. Atom-128 – http://stackoverflow.com/questions/8771179/how-to-explain-atom-128-encrypt
4. Encoding tools for Atom-128 – http://crypo.in.ua/tools/eng_atom128c.php

PS: I feel this level is not my work, but I post anyway 😀