Let’s talk about Cheese CTF.
I don’t recommend joining this challenge as it’s a puzzle CTF.
It’s approved by the creator of the challenge.
Puzzle CTFs might be fun, but you’ll end up severely frustrated if you fail to solve it, along with demotivation and self-doubt.
Instead, I’ll share the write-up here as soon as someone publishes it online.
1 Like
Hello, I found the SQLi and LFI vulnerability but I can’t go further. Please do you have a hint to help me ?
Completed the room! ,
Hints:-
Don’t be afraid by seeing the nmap, only one port will help you (80)
Dirbusting will reveal you a message.html file , which will lead you to a .php file and in the url you will see a php wrapper , and It will will lead you to LFI, now search some exploits for “Php wrappers LFI2RCE” a medium blog will guide you.
User:
Check for hidden directories, see if you can access it or not.
Root:
Sudo -l,
instead of .timer check it’s .service file.
1 Like
watch this video and u find how to do it
Thank you so much. I have learned a new method to exploit LFI
1 Like