CTF-Writeups

In this challenge, we have to bypass two preg_match functions to get the flag. The Given Code <?php #read flag.txt highlight_file(__FILE__); $code = $_GET['cmd']; $blocked_functions = '/(exec|shell_exec|system|`)/i'; if (preg_match($blocked_functions, $code)) { die("Hacking attempt detected"); } else { $blocked_functions = "/flag/i"; if (preg_match($blocked_functions, $code)) { die("Hacking attempt detected"); } else{ eval(urldecode($code)); } } ?> Initially, It highlights the code file. Then it stores the ‘cmd’ get parameter value in code variable, it blocks all the functions through which we can execute the shell commands....

The web security challenge was vulnerable to race condition. The following was the given website. The following were the user details with IDs and funds. the /dump path has a comment, which reveals the source code. The following part of the code was vulnerable to Race Condition. A race window exists in the if condition. We can send multiple request parallelly, it will bypass the if condition before the deduction of funds....

A pcap file was being given for analysis. The pcap file was being opened in the wireshark. I applied the http filter to filter only http requests. There was a zip file that was retrieved through http protocol. There was nothing interesting in this zip file. I moved on, and i found that many requests were being made to the /f_data/data endpoint. All the requests were giving 403 forbidden response except the last one, which gave 200 OK response....