CTF IMF

Benjamin

25-12-2021

CTF › VulnHub

Linux

netdiscover

192.168.0.15

rustscan

Only the port 80 is open

Port 80

Apache/2.4.18

First flag

view-source:http://192.168.0.15/contact.php
flag1{YWxsdGhlZmlsZXM=}
allthefiles

second flag

1	ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ==

Flag2:

echo "ZmxhZzJ7YVcxbVlXUnRhVzVwYzNSeVlYUnZjZz09fQ==" | base64 --decode
flag2{aW1mYWRtaW5pc3RyYXRvcg==}
echo "aW1mYWRtaW5pc3RyYXRvcg==" | base64 --decode
imfadministrator

http://192.168.0.15/imfadministrator/

Roger is a user.
The password is hard coded in the cookie.

If I delete it he recreate an another cookie.

So, I have to create my own cookie.
The password may be good, but we also need the username.

netdiscover

rustscan

Port 80

First flag

second flag

Login page