I’m sure you have already been in the same situation than me. You’re working at a client’s house for a penetration test, a tight time slot for your tests, no downtime. You arrive a little late in the morning (thanks to the strikes) and your virtual machine containing all your tools doesn’t want to start (I knew I shouldn’t have play with my bootloader yesterday night tss).
No choice, you have to reinstall this machine.
The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO.
For this recap, I want to do some analyses on my challenge to know how challengers proceed to solve it. There is some fun facts :D You can read writeups here to understand the context :
I think you know what I am talking about. The “file upload” vulnerability is familiar for you ? Nice. So you know how it could be difficult to bypass protection to upload a webshell. I will show you a little technique to add to your test when you are trying to exploit file upload :)
This technique is inspired from the challenge l33t-hoster of the Insomni’hack Teaser 2019 CTF
So follow the guide !