KringleCon | The Name Game & Directory Browsing | CTF Challenge Solution

Minty Candycane: The Name Game


This challenge presents us with an onboarding system written in Powershell. There’s a command injection 
vulnerability in the system that allows us to injection arbitrary commands after the ; is used to end the previous
query. For example, we can select option 2 in the onboarding system, and inject:

; sqlite3 ;

This allows us to enter the sqlite environment where we can query the database to discover the relevant
information as shown in the figure.

Answer: Scott

Question 2 Directory Browsing

This one a simple directory traversal vulnerability where when we click on ‘apply now’, we are redirected to the
following URL:

https://cfp.kringlecastle.com/cfp/cfp.html

If we remove the cfp.html and try to navigate to the cfp directory, the directory traversal vulnerability is apparent.
The files in this directory are listed for everyone on the Internet to see. We can now access ‘rejected_talks.csv’ 
which gives us the information we need to progress to the next challenge.

Answer: John McClane

Pranshu Bajpai
Pranshu Bajpai
Principal Security Architect

Pranshu Bajpai, PhD, is a principle security architect..