IP Address: 172.25.200.200

Port: 9003

Want to run this Docker container locally?

docker run -d -p 9003:80 --restart always --name ctf-mod-cgi joshbeck2024/ctf-mod-cgi-shell-flag-d

In this case, we have a reverse shell challenge where mod_cgi is enabled on an Apache2 server.

However, when we go to HTTP://172.25.200.200:9003 we get an error:

We are redirected to beck.reverse.local. The process the computer went through was this:

• You typed in 172.25.200.200:9003
• The webpage redirected you and said: Go to beck.reverse.local
• Your computer looked up beck.reverse.local via the DNS Process
  • First, the computers checks /etc/hosts
  • If there is no entry, it attempts to ask the DNS server configured

Since beck.reverse.local doesn’t exist in any global DNS databases, we get the error that the page can’t be found.

This is a good time to introduce ‘Burp Suite’.

• Burp Suite is one of the most valuable tools you can familiarize yourself with!
• Google: Burp Tutorial for more information after this lab for sure.

It will warn you that your JRE version is out of date. Click Ok.

We are going to create a new temporary project