DESCRIPTION
It's April 28, 2007.
A series of cyberattacks against the government and organizations started just yesterday.
The attacks are simple in nature. They are not technical, nor are they causing real harm so far, but the availability of some public services is affected.
Due to the escalation of conflicts and the increasing number of cyberattacks, the Estonian Defense League's Cyber Unit has been called in to help. You are part of it!
Your first task is to assess the security of this news site. It is important to find the weaknesses before the adversaries do.
Investigate the application, find out whether it has any vulnerabilities, and read the flag from /var/backup/secret.txt.
http://localhost:8000
Challenge created by CTF TECH.
You need to have Docker for this challenge.
Challenge files are located HERE
HINTS
There is a local file inclusion vulnerability on the site.
Try reading some articles and have a look at the address bar.
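The weakness class named in the hints, seen from the side of the developer who has to fix it, as an added example that is not part of the challenge or its files. The article directory, the function names and the sample request values are assumptions made for illustration; the language of the real application is not stated on this page.

```python
import os

# Assumed article directory (hypothetical, not taken from the challenge files).
ARTICLE_ROOT = "/var/www/news/articles"


def naive_path(name: str) -> str:
    """Vulnerable pattern: the value from the URL is joined on unchecked."""
    return os.path.normpath(os.path.join(ARTICLE_ROOT, name))


def safe_path(name: str) -> str:
    """Resolve name below ARTICLE_ROOT, or raise ValueError."""
    if "\x00" in name:
        raise ValueError("NUL byte in article name")
    root = os.path.realpath(ARTICLE_ROOT)
    # realpath collapses ".." and follows symlinks before the comparison,
    # so the check is made on the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("article path escapes the article directory")
    return candidate


def review(names):
    """Return {name: True/False} for whether safe_path accepts each value."""
    verdicts = {}
    for name in names:
        try:
            safe_path(name)
            verdicts[name] = True
        except ValueError:
            verdicts[name] = False
    return verdicts


# Constructed sample values for the article parameter.
SAMPLES = [
    "estonia-2007.html",
    "sub/../estonia-2007.html",
    "../../../backup/secret.txt",
    "/var/backup/secret.txt",
]

if __name__ == "__main__":
    for name, ok in review(SAMPLES).items():
        print(f"{'allow' if ok else 'deny ':5} {name!r} -> naive: {naive_path(name)}")
```

Both rejected values show why a plain join is not enough: a relative value climbs out with `..`, and an absolute value replaces the base directory entirely.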