Ladybug - H@cktivityCon CTF

Category: Web
Solves (at time of writing): 631
Description: Want to check out the new Ladybug Cartoon? It's still in production, so feel free to send in suggestions!

Ladybug

We are given a link to a website.

Opening it gives us this small webpage:

Clicking around a bit I didn't notice anything special: the search bar didn't do anything, and the contact form didn't either.

Then I took a look at how the links work, since that was the only thing that worked here.

We can see that it discerns the different pages by the /film/nameoffilm part of the URL.

If we manually edit the URL to point to a non-existent film, we should get a 404, but instead we get this:

This is the Werkzeug Debugger. It pops up when a Python web app built on Werkzeug (e.g. Flask) raises an unhandled exception while running in debug mode, and it must be disabled in production because of the following:

You can execute Python statements by clicking the little console symbol on the left (yellow):

And now we basically have RCE.

In Python, to execute commands (and get their output), we import the subprocess module and call subprocess.check_output(["command", "argument"]).

Executing these few statements (basically running ls and then cat flag.txt) gets us the flag.
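The root cause here is a deployment that serves the Werkzeug debugger (with its console enabled) instead of a plain 404. As an added defender-side check, not part of the original writeup, the stdlib-only script below classifies what an unknown URL such as /film/doesnotexist returns, so it can run against your own staging or production host before release. The sample response bodies are constructed for the demo; the marker strings are the title and the EVALEX JavaScript flag the real debugger page emits.

```python
import re
import sys
import urllib.error
import urllib.request

# Markers of the Werkzeug debugger page: the page title, and the inline
# JavaScript setting EVALEX, which is true when the interactive console that
# evaluates Python statements is enabled.
DEBUGGER_TITLE = re.compile(r"Werkzeug Debugger", re.IGNORECASE)
EVALEX_ON = re.compile(r"\bEVALEX\s*=\s*true\b")


def classify_error_response(status: int, body: str) -> str:
    """Classify the response an unknown URL produced.

    'ok'           : plain 404, no debugger page
    'error-page'   : some other error status without the debugger
    'debugger'     : Werkzeug debugger traceback shown, console disabled
    'debugger-rce' : debugger shown with the console enabled (code execution)
    """
    if DEBUGGER_TITLE.search(body):
        return "debugger-rce" if EVALEX_ON.search(body) else "debugger"
    return "ok" if status == 404 else "error-page"


def check_unknown_route(base_url: str, path: str = "/film/doesnotexist-check") -> str:
    """Fetch an unknown route on your own host and classify the response."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=10) as resp:
            return classify_error_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx are raised, body still readable
        return classify_error_response(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample bodies for offline use (not captured from the CTF host).
SAMPLE_404_BODY = "<!doctype html><title>404 Not Found</title><h1>Not Found</h1>"
SAMPLE_DEBUGGER_BODY = (
    "<!doctype html><title>KeyError // Werkzeug Debugger</title>"
    '<script>var CONSOLE_MODE = false, EVALEX = true, EVALEX_TRUSTED = false,'
    ' SECRET = "constructed-placeholder";</script><div class="debugger">...</div>'
)

if __name__ == "__main__":
    print("sample 404      ->", classify_error_response(404, SAMPLE_404_BODY))
    print("sample debugger ->", classify_error_response(500, SAMPLE_DEBUGGER_BODY))
    if len(sys.argv) > 1:  # e.g. python check.py https://staging.example.invalid
        print(sys.argv[1], "->", check_unknown_route(sys.argv[1]))
```

Anything other than "ok" for an unknown route is a finding to fix in the app's deployment configuration (debug off, no debugger middleware) before it ships.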

~sw1tchbl4d3, 31/07/2020 (dd/mm/yyyy)