webmedium

Bad Apple

tamuctf

Task: Flask app with ffmpeg GIF-to-frames conversion, Apache serves files with directory listing and Basic Auth on .gif files. Solution: Use directory listing to find flag filename, then exploit inconsistent input sanitization in /convert endpoint to process admin's auth-protected GIF and extract frames as unprotected PNGs.

$ ls tags/ techniques/

flask path_traversal file_upload apache idor directory_listing auth_bypass ffmpeg gif_to_frames

visual_flag_extractiondirectory_listing_exploitationinput_sanitization_bypassauth_bypass_via_format_conversion

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]