If you have ever watched any interviews or talks of the top bug bounty hunters, you must have noticed one common key point fuzzing with a target-specific wordlist, for example hackers hunting for bugs in Google VRP understands the significance of dogfood, that single phrase had lead to some of the most critical bugs on internal assets of google but it doesn’t have significance in any other program and so there is this fuss about using a custom wordlist but not many resources on how to make one, the best resource I could find was this talk by TomNomNom this is a very appreciated talk I highly recommend watching it, creating a wordlist in this way is a tedious task and isn’t very efficient as it will contain a lot of noise.
After I read write-ups by other hackers of this challenge, I found out that most of them solved it with adding SSH keys, and I did it by installing redis module, so here is my approach. As we start the challenge we get ssh login to start with, in privilege escalation just like everyone else I started with linpeas.sh after analysing the results of linpeas I realised soon there is nothing much in this box other than redis.
This was my first ever jeopardy style CTF and for most my team mates as well, I was kind of lost after seeing so many challenges then I saw this tweet from John Hammond and I took it as a challenge to solve it. So I started the challenge with the basic enumeration, directory fuzzing. It was a simple blog writing application made in golang, After registering an account and logging in you’ll be greeted with this home page, and functionalities to add new post and edit username in profile page.
This write-up is co-written by me @Dexter0us and @mass0ma. We were one of the winners of the CTF and won a $100 reward from hacker101. The CTF was quite challenging and fun to play. We hope you can enjoy and gain something from this write-up. You can follow us of Twitter @Dexter0us, @mass0ma and hang out with us on Discord Hack The Planet Bounty Hunters if you like :). We started the CTF with the basic endpoint enumeration.