Long time no ctffffff,
CTF: SEC-T CTF 2017
Challenge: Sprinkler System
Then we go to the site:
Nothing much in here, so let’s check out robots.txt.
So i type “/cgi-bin/test-cgi” into the browser, it gave me information about the test report.
I check out the google with keywords: “ test-cgi exploit “ it gave me the information about the CVE-1999-0070
Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing. Inputting “/cgi-bin/test-cgi?*” shows the scripts that are present for this site, and we can see something sprinkler-related.
Now let’s go to enable_sprinkler_system to see what inside it: