Introduction

Detailed walkthroughs for U.A. High School CTF challenges on TryHackMe .

Summary

This CTF challenge required participants to identify and exploit a hidden OS command injection vulnerability in the U.A. Superhero Academy’s website. Successful exploitation led to gaining root privileges on the system.

Vulnerability

The website contains a hidden functionality that allows for the execution of shell commands. This vulnerability can be exploited to gain unauthorized access to the system.

Exploitation

• By enumerating the website, a valid user and password were discovered.
• Using sudo privileges, a script was executed on the system to escalate privileges to root level.

Tools Used

rustscan, ffuf, curl, nc, wget, hexeditor, steghide, ssh