Webhacking.kr write-up: old-58
2 minutes to read| Link | point | tag |
|---|---|---|
| old-58 | 150 | JavaScript |
Howdy there, welcome to another webhacking.kr CTF challenge. Today’s challenge is about JavaScript.
This is a JavaScript-based user console, not an actual Linux CLI. We can forget about the command-line injection.
By typing help command we have the following result.
- id
- flag
- ls
- help
There are only 4 options and our main goal is the flag command.
We need to escalate ourselves as an admin. How did we do that as we are assigned as a guest whenever the page is getting refreshed.
Actually, you just need thinker some of the parameters.
Step 1: Thinker the JS code
$(function () {
var username = "admin";
var socket = io();
$('form').submit(function(e){
e.preventDefault();
socket.emit('cmd',username+":"+$('#k').val());
$('#m_').val('');
return false;
});
socket.on('cmd', function(msg){
$('#messages').append($('<li>').text(msg));
});
});
- The username has been changed to admin
- Replacing the #m into #k (any alphabet show do, except m.). FYI, we are now changing the input variable
After that, submit the above code to the console
Step 2: Thinker the HTML
Change the input naming from m to k (The alphabet refer to the JS code)
That’s it, input the command and capture the flag.
Thanks for reading. Follow my twitter for latest update
If you like this post, consider a small donation. Much appreciated. :)