SSRF Box

22 June 2018

1799 Compromissions 18%

53 Votes

Attention : this CTF-ATD is linked to the challenge "Server Side Request Forgery"

Your goal is simple: compromise the virtual environment "SSRF Box".

The validation password of challenge (Realist) is in the /root directory.

4 hours

linux

CTF Results for SSRF Box

Pseudo	Virtual Environnement	Attackers count	Time start	Environnement compromised in
Asuwiel	SSRF Box	2	23 November 2018 at 12:53	1h16
-	SSRF Box	1	23 November 2018 at 09:19	-
-	SSRF Box	2	23 November 2018 at 05:01	-
xxxSetxxx	SSRF Box	2	23 November 2018 at 04:12	0h30
-	SSRF Box	0	23 November 2018 at 02:11	-

Results	Name	Validations	Difficulty ↓↑	Author	Note
	Challenge SecuriTech	1% 13
	SP - Christophe	3% 3
	HackDay-Albania	11% 23
	Homeless	9% 13
	Kuya	22% 25
	Lampiao	8% 22
	Lazysysadmin	16% 56
	Node	20% 33
	Basilic	4% 19
	NullByte	26% 45
	SP - Eric	30% 40
	Gemini-Pentest-v2	13% 9
	The Ether : EvilScience	6% 10
	Typhoon-v1	33% 32
	Replay 1	16% 8
	Bash considered harmful	8% 138		sbrk
	System Disaster	7% 137		sbrk
	Shared Objects Hijacking	13% 565		das
	k8s	10% 168		sambecks
	DC-4	17% 159
	Gittysburg	3% 2
	Gemini-Pentest-v1	7% 29
	DC-7	27% 49
	Billu-b0x2	10% 123
	JIS-CTF-VulnUpload-CTF01	24% 30
	Kevgir-VM	16% 31
	lin.security_v1.0	43% 88
	Moonraker	11% 8
	OwlNest v1.0.2	10% 4
	Raven 2	13% 10
	Sambox v4	3% 104		sambecks
	Django unchained	22% 617		TiWim
	Billu-b0x	8% 34
	g0rmint	8% 11
	BlackMarket	11% 67
	Born2rootv2	34% 92
	Bee-box v1	6% 41
	Command Injection OS	19% 58
	DC-1	15% 347
	digitalworld.local - BRAVERY	11% 17
	digitalworld.local - DEVELOPMENT	9% 12
	DonkeyDocker v1	23% 16
	DC-6	30% 115
	DC-9	32% 109
	DeRPnStiNK	29% 41
	OpenClassrooms_SkP_Pentest_Web	0% 0
	Matrix terminal	6% 52
	Open My Vault	0% 0
	Windows - sAMAccountName spoofing	26% 198
	OpenClassrooms_SkillProgram_AD1	1% 64		Pixis, EtienneC