Daemon Of Hacking
  • WELCOME!
    • 👋/home/usr/KruKnight
  • METHODOLOGIES & RESOURCES
    • Passwords & Attacks
    • Post Exploitation
      • 👀Situational Awareness
      • 🖥️Privilege Escalation
        • Linux Privilege Escalation
        • Windows Privilege Escalation
  • Writeups
    • CyCtf 2024
      • Vending Machine
      • Aerospace
      • OhMyCell
    • Portswigger Labs
      • Authentication
        • Username enumeration via different responses
        • 2FA simple bypass
        • Password reset broken logic
        • Username enumeration via subtly different responses
        • Username enumeration via response timing
        • Broken Brute-Force Protection, IP Block
        • Username enumeration via account lock
        • 2FA broken logic
        • Brute-forcing a stay-logged-in cookie
        • Offline password cracking
        • Password reset poisoning via middleware
        • Password brute-force via password change
        • Broken brute-force protection, multiple credentials per request
      • Os Command Injection
        • OS command injection, simple case
        • Blind OS command injection with time delays
        • Blind OS command injection with output redirection
        • Blind OS command injection with out-of-band interaction
        • Blind OS command injection with out-of-band data exfiltration
      • Cross-Origin Resource Sharing (CORS)
        • CORS vulnerability with basic origin reflection
        • CORS vulnerability with trusted null origin
        • CORS vulnerability with trusted insecure protocols
      • Server-side template injection
        • Basic server-side template injection
        • Basic server-side template injection (code context)
      • Server-Side Request Forgery (SSRF)
        • Basic SSRF against the local server
        • Basic SSRF against another back-end
        • Blind SSRF with out-of-band detection
        • SSRF with blacklist-based input filter
        • SSRF with filter bypass via open redirection vulnerability
      • Path Traversal
  • 🟩HTB Writeups
    • Heal
Powered by GitBook
On this page

Was this helpful?

  1. Writeups
  2. CyCtf 2024

OhMyCell

PreviousAerospaceNextPortswigger Labs

Last updated 6 months ago

Was this helpful?

The goal is to find the Cell ID of the most reliable nearby tower along with its Radio Type to guide him to the best place for reception.

Investigation Steps

  1. Finding the Location: I started by locating the Arab German Company on Google Maps to get a sense of the exact area.

  2. Locating Nearby Cell Towers: Using OpenCellID, I examined the cell towers around the company’s location. Several towers were nearby, but after assessing the options, the most stable one I found was a 3G UMTS tower.

The first thing I did was going to google maps and finding the Arab German Company in Cairo location

After finding, its location, the next step is to find the nearby cell towers. To that I used

Going to the location of the company on the website's map, I found a lot of Towers, but the most stable one was a 3G UMTS tower

Flag: CyCTF{16456_UMTS}

OpenCellId