CTF 172
RETIRED MACHINE

OS: Linux
Difficulty: Insane

Machine rating: 4.7
User owns: 1070
System owns: 1009
Released: 02/02/2019
Created by 0xEA31

Machine Synopsis

CTF is an insane-difficulty Linux box with a web application that uses LDAP-based authentication. The application is vulnerable to LDAP injection, but because of character blacklisting the payloads need to be double URL encoded. Enumeration reveals a token string, which is obtained using boolean injection. Using the token, an OTP can be generated, which allows for execution of commands. After establishing a foothold, a cron job can be exploited to gain sensitive information.
