Post

front-page port 80-shoopyu Hackthebox CyberApoclypse 2023 | The Cursed Mission

Posted
By sujay adkesar
1 min read
front-page port 80-shoopyu Hackthebox CyberApoclypse 2023 | The Cursed Mission

 

enter image description here

CyberApoclypse CTF 2023

Forensic Challenge : Roten

Description :

The iMoS is responsible for collecting and analyzing targeting data across various galaxies. The data is collected through their webserver, which is accessible to authorized personnel only. However, the iMoS suspects that their webserver has been compromised, and they are unable to locate the source of the breach. They suspect that some kind of shell has been uploaded, but they are unable to find it. The iMoS have provided you with some network data to analyse, its up to you to save us.

Download Files:

forensics_roten.zip

1️⃣ Open the challenge.pcap file with wireshark

sudo wireshark challenge.pcap

2️⃣ Filter to http and then go to bottom

enter image description here

enter image description here

3️⃣ map-update.php has upload functionality and the malicious actor uploads a malicious php called galacticmap.php

enter image description here  

:warning: Malicous PHP enter image description here

4️⃣ Decode the malicious PHP Code and print out

enter image description here

enter image description here

HTB{W0w_R0t_A_DaY}

Write Up, ctf
write up hackthebox ctf walkthrough cyberapoclypse cursed-mission
This post is licensed under CC BY 4.0 by the author.