Bugv CTF Writeup - Pwning Thawang Shield
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtsldrizzypfUZf2Cb1l6yyhwl0499yg2HBmN5aR-5kMFzBn7aF1fPRy-zEnQ70cC9JW0tz0KieC935QtP-qCzlBMFE3GDbavx8W_IppsMrhiCx8HU5aaex2jATaGY579qs3YknhxMWb1-/w640-h261/image.png)
The CTF is designed to pwn an imaginary organization Thawang Shield Security. The only information given to us is their domain - thawang.live Starting with the domain thawang.live, usual recon - directory bruteforcing, port scanning, subdomain enumeration, etc. was done. It didn't give much information to proceed ahead so I started some OSINT on the org. Looking at the "Teams" section of the website thawang.live, we can find three users. Flag #1 Checking the Facebook profile of Ojasini Shrees, a picture was found which we downloaded, checked its strings and the first flag was obtained. bugv_ctf{MjVFRXNDNWJWeVBBRW} Flag #2 After obtaining flag #1, there's also a link to the discord server https://discord.gg/JwXD7g2f5a. The discord server has a bot that is vulnerable to simple SQL injection. Using the payload $get 1'or 1=1-- as an input for the bot, the flag is returned. bugv_ctf{M0Tlo1MkNBcWRwR1ND} Flag #3 While checking Github of Dexa Singh, a repo "for inte