An iCSI CTF (RED20)
IP Address: 172.25.200.200
Port: 9038

Want to run this Docker container locally?
docker run -d -p 9038:80 --restart always --name flag-red20 joshbeck2024/ctf-ticktock-challenge-flag-red20
This time, the initial webpage is a login portal that allows us to register a new user. We are also given a hint that a list of example usernames can be found within an .html file on the server. (We’ll locate this list and use it later in the lab.)
Register a new user.

Go ahead and log in with this new user account and you’ll see that admins have the ability to upload files to this webserver. Unfortunately, lowly joe isn’t an admin!

Log out and log back in. Only this time, intercept the request in Burp Suite. (Let’s see what’s going on here!)
- Need a Burp refresher: Click Here
- Type in your username/password and intercept the request.
Click forward and you’ll see that we are redirected to upload.php upon successful login.

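Some CLI text editors automatically create backup files any time a file is opened or edited. Emacs appends a tilde (~) to the names of these backups, and it sometimes pays off to check whether any exist and were inadvertently left behind by the application developer. Because a name like action.php~ no longer ends in .php, a web server that picks its handler by file extension will usually return the file as plain text instead of executing it, which exposes the source code.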
Go to:
http://IP_ADDRESS_OF_VM/action.php~
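From the developer's side, the same leftover can be caught before deployment. The following is an added example, not code from the challenge or its author: a scan of a local web root for editor backup files that shadow server-side scripts. The pattern list, the extension list and the sample file names are assumptions of this example.

```python
import os
import re
import tempfile

# Editor leftovers and the original name each one shadows. The pattern list is
# this example's assumption; extend it for the editors your team uses.
BACKUP_PATTERNS = [
    ("emacs numbered backup", re.compile(r"^(?P<orig>.+)\.~\d+~$")),
    ("tilde backup", re.compile(r"^(?P<orig>.+)~$")),
    ("emacs auto-save", re.compile(r"^#(?P<orig>.+)#$")),
    ("vim swap file", re.compile(r"^\.(?P<orig>.+)\.sw[a-p]$")),
    ("manual copy", re.compile(r"^(?P<orig>.+)\.(?:bak|old|orig)$")),
]
# Extensions whose source should never be served as static text (assumed list).
SCRIPT_EXTS = {".php", ".inc", ".py", ".rb", ".pl", ".jsp", ".aspx"}


def classify(filename):
    """Return (kind, original_name) if filename looks like an editor leftover."""
    for kind, pattern in BACKUP_PATTERNS:
        match = pattern.match(filename)
        if match:
            return kind, match.group("orig")
    return None


def scan_webroot(root):
    """Walk root and list leftovers; 'source_leak' marks shadowed scripts."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            hit = classify(name)
            if hit is None:
                continue
            kind, orig = hit
            ext = os.path.splitext(orig)[1].lower()
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append({"path": rel, "kind": kind, "original": orig,
                             "source_leak": ext in SCRIPT_EXTS})
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    # Constructed sample tree, not files from the challenge container.
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.php", "action.php", "action.php~", ".upload.php.swp"):
            open(os.path.join(root, name), "w").close()
        for f in scan_webroot(root):
            print(f["path"], "->", f["kind"], "of", f["original"], "| leak:", f["source_leak"])
```

Running a check like this in the build or deploy step, and failing when any finding has `source_leak` set, keeps such files out of the document root.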
