SEC-T CTF 2017 - WEB - Sprinkler System(100p) | Ph03nix Team

Ph03nix Team

H4ck f0r fun

Home About Us
SEC-T CTF 2017 - WEB - Sprinkler System(100p)

Long time no ctffffff,
Challenge: Sprinkler System
Classification: Web

Then we go to the site:

Nothing much in here, so let’s check out robots.txt.

So i type “/cgi-bin/test-cgi” into the browser, it gave me information about the test report.

I check out the google with keywords: “ test-cgi exploit “ it gave me the information about the CVE-1999-0070
Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing. Inputting “/cgi-bin/test-cgi?*” shows the scripts that are present for this site, and we can see something sprinkler-related.

Now let’s go to enable_sprinkler_system to see what inside it:

Haha we have the flag: SECT{-p00l_On_t3h_r00f_must_h@v3_A_l3ak!-} !