Level 15

Url: http://ctf.infosecinstitute.com/levelfifteen/index.php
Description: DNS Lookup
Bounty: $150

Solution:
This challenge is a command injection (you need to know the Linux command line). When you enter an address, for example 127.0.0.1, in the form, you get the following output:

[Screenshot: level15a]

Look at the ;127.0.0.1 lines: the ‘;’ indicates that you can enter two commands at a time, as explained by the source code below.

DNS Lookup

";
$cmd = ($_POST['dig']);
system("dig mx " . $cmd);
echo "
";
die;
} ?>

Let’s try it: enter ‘127.0.0.1; ls -a’ (without the quotes), or just use “;Unix/Linux command line” in the DNS Lookup form.

You can also use Repeater in Burp Suite instead of the browser.

[Screenshot: level15 burp]

[Screenshot: level15b]

There is a .hey file. Let’s see what it is: it is an ASCII file. Opened in a browser using the link http://ctf.infosecinstitute.com/levelfifteen/.hey, it contains:

Miux+mT6Kkcx+IhyMjTFnxT6KjAa+i6ZLibC

I can’t find the flag in this challenge.

Updated:
I’m clueless with this challenge, and there’s a bit of cheating in this: I accidentally found this solution in one of the CTF n00bs write-ups. The string above is ATOM-128 encoding, so using online decoding tools, you find the flag.

The flag is: infosec_flagis_rceatomized
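
What the online decoder does, as an added example that is not part of the original write-up: Atom-128 works like Base64 with a permuted alphabet, so mapping each symbol back to the standard alphabet and Base64-decoding recovers the text. The symbol table is the commonly published Atom-128 table and is an assumption (the write-up does not list it); the function and constant names are illustrative.

```python
import base64

# Assumption: the commonly published Atom-128 symbol table (the write-up does
# not list it). 64 data symbols, then "C" in the padding position.
ATOM128 = "/128GhIoPQROSTeUbADfgHijKLM+n0pFWXY456xyzB7=39VaqrstJklmNuZvwcdEC"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

# Both tables hold the same 65 characters, so a 1:1 translation is enough.
TO_STD = str.maketrans(ATOM128, STD_B64)
TO_ATOM = str.maketrans(STD_B64, ATOM128)

# The contents of the .hey file as quoted in the write-up.
HEY_FILE = "Miux+mT6Kkcx+IhyMjTFnxT6KjAa+i6ZLibC"


def atom128_decode(text: str) -> bytes:
    """Decode Atom-128 text by mapping it onto standard Base64."""
    cleaned = "".join(text.split())  # tolerate newlines/spaces from copy-paste
    unknown = set(cleaned) - set(ATOM128)
    if unknown:
        raise ValueError(f"not Atom-128 symbols: {sorted(unknown)}")
    if len(cleaned) % 4:
        raise ValueError("length must be a multiple of 4 (padding symbol is 'C')")
    return base64.b64decode(cleaned.translate(TO_STD), validate=True)


def atom128_encode(data: bytes) -> str:
    """Encode bytes as Atom-128 (standard Base64, then symbol substitution)."""
    return base64.b64encode(data).decode("ascii").translate(TO_ATOM)


if __name__ == "__main__":
    print(atom128_decode(HEY_FILE).decode("ascii"))
```

Because the mapping is a fixed, keyless substitution, Atom-128 is an encoding rather than encryption: anyone who recognises the alphabet can read the content.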

Reference and Tools:
1. BurpSuite – http://portswigger.net/burp/
2. Command Execution – http://resources.infosecinstitute.com/command-execution/
3. Atom-128 – http://stackoverflow.com/questions/8771179/how-to-explain-atom-128-encrypt
4. Encoding tools for Atom-128 – http://crypo.in.ua/tools/eng_atom128c.php

PS: I feel this level is not my work, but I post anyway 😀
