-
Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability
EIP-552c9116. A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required but can be bypassed. Vulnerability Identifier: Exodus Intelligence: EIP-552c9116; MITRE: CVE-2024-23626. Vulnerability Metrics: CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C; CVSSv2 Score: 7.7. Vendor References: The affected product is end-of-life and…
-
Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability
EIP-ea3ab824. A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required but can be bypassed. Vulnerability Identifier: Exodus Intelligence: EIP-ea3ab824; MITRE: CVE-2024-23628. Vulnerability Metrics: CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C; CVSSv2 Score: 7.7. Vendor References: The affected product is end-of-life and…
-
Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability
EIP-f4472693. A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required but can be bypassed. Vulnerability Identifier: Exodus Intelligence: EIP-f4472693; MITRE: CVE-2024-23627. Vulnerability Metrics: CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C; CVSSv2 Score: 7.7. Vendor References: The affected product is end-of-life and…
-
OpenCTF : Do The Needful
Category: Forensics Points: 50 Description: Do the needful https://scoreboard.openctf.com/DoTheNeedful-98e4c6ba71f88e4201a08e7503b0df6124607e39 File Download: DoTheNeedful-98e4c6ba71f88e4201a08e7503b0df6124607e39 When we extract this file, we end up with Challenge.txt. So I go ahead and cat it. $ cat Challenge.txt =AAAAMjU/o7Z+0V17r06KDNmaZHQB1VSlR7wsTDuNk1ok3wfRPMl5YAAV/DwDzAIAERyH3wAAsVVGNBAIs4H This looks like a base64 string; however, with base64 encoding, the = character is used as padding and should only show up…
-
OpenCTF : Nightmare 50
Category: Web Points: 50 Description: Automated home work scoring my ass. https://shades-of-nightmare.openctf.com/nzpoixyucvkjwnerntasdfascdvasdfqwerqwe/nightmare-50/ When connecting to this website in my browser, I receive the following prompt: Welcome to Doctor Professor Wilson’s Python 101! Lesson 1: hello world Enter homework for grading: So it looks like this will execute the Python code you provide. So I test…
-
OpenCTF : mbrtetris
Category: Forensics Points: 25 Description: boot this on baremetal. – https://kajer.openctf.com/tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6 File Download: tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6 I start by running the file command: $ file tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6 tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6: DOS/MBR boot sector; partition 1 : ID=0x7, start-CHS (0x0,33,3), end-CHS (0x1,124,22), startsector 2048, 20480 sectors Ok, let’s try mounting this: $ sudo mount tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6 /mnt mount: /mnt: wrong fs type,…
-
OpenCTF : fire walker 0
Category: Network Points: 50 Description: Flag: http://172.31.2.97:20621/flag-d12bb978.txt Firewall rules: https://scoreboard.openctf.com/firewalker_0-acaceaa807e20591173451a7a824a23f2728563b File Download: firewalker_0-acaceaa807e20591173451a7a824a23f2728563b The goal of the fire walker challenges is straightforward: download the flag file from the provided HTTP URL. The trick is, there are firewall rules that will prevent you from simply running wget, curl, or opening the URL in your favorite web…
-
OpenCTF : HeadOn
Category: Forensics Points: 50 Description: Apply directly to the console https://scoreboard.openctf.com/HeadOn-ac8890852965d787f7591bc10add61bb01efb5eb File Download: HeadOn-ac8890852965d787f7591bc10add61bb01efb5eb $ file blob blob: data I also try running strings on the file, but I don’t find anything interesting. Let’s try binwalk. If you have never heard of binwalk, it is a fantastic tool for solving forensics challenges. It goes through…
-
OpenCTF : Baby’s First ROP
Category: Binary/Reverse Points: 100 Description: If this is your first time, it will be your first time. Available at 172.31.2.62:47802 – https://scoreboard.openctf.com/babys_first_rop-e0f4088e3b5a86cf3d388fac3bc070493c6f71c5 File Download: babys_first_rop-e0f4088e3b5a86cf3d388fac3bc070493c6f71c5 Investigation My initial investigation usually starts the same with pwn challenges. I like to start with running the file command so that I get a high-level idea of what I’m…
-
OpenCTF : SQL 10
Category: Web Points: 10 Description: https://sql-mayham.openctf.com/ziopxuoiwquyerhnszpasdyvzlkxcjlwerqwer/sql-10/ When 1 is entered it returns the following row: Enter a badge number to view that officers file:1 (1, ‘bob’, ‘simmons’, ‘none’) Performing a basic SQL injection, we got the same row back but no error. The server only returns 1 row. Enter a badge number to view that…