IP Address: 172.25.200.200

Port: 9031

The flag is in /flag/flag.txt

Want to run this Docker container locally?

docker run -d -p 9031:9031 --name flag-red58 --restart always joshbeck2024/ctf-cve-2023-40028-ghost

Credentials:

User: [email protected] Pass: bananas_are_great_123

Based on IPPSEC: LinkVortex

Inspect the source code after going to the front page and you’ll see it’s loaded with reference to the word ghost.

The Ghost platform has a default login page at ghost/

http://IP_OF_TARGET:9031/ghost

The Vulnerability:

• This vulnerability allows an authenticated user to upload a theme containing a symbolic link. When the theme is activated or assets accessed, the symlink resolves to a file on the host system.