ctfcli.yaml
version: "0.1"
id: university-of-straya-part-1
name: Uni of Straya - Part 1
category: web
description: |
  The University of Straya are about to release their new Assignment Submission System (ASS) in two days, but have some concerns about the security of the platform. These concerns stemmed by the lead web developer admitting to inhaling burnt Hungry Jacks toys while developing the Flask REST API.
  To assure the security of the platform follows best standards, you have the following goals to achieve:
  1. Bypass authorization and view the admin console located at `/admin`.
  2. Bypass access controls that prevent students from viewing other assignment submissions or the **source code for the API**. To demonstrate you have achieved this goal, there is a file called `flag.txt` in the API source code folder.
  3. Exploit any critical vulnerabilities, such as **RCE**. If you can achieve RCE, run the command `getfinalflag` to get the flag.
  Author: ghostccamm
hosting:
  type: kube
type: kubectf
extra:
  template_name: web-universityofstraya
tags:
  - medium
flags:
  - DUCTF{iSs_t0_h0vSt0n_c4n_U_h3r3_uS_oR_r_w3_b31nG_r3dIrEcTeD!1!}