[Pragyan CTF'2025][Web] Finding_X

Introduction The website presents a web interface with several tabs: Home, About Us, Features, and Admin Panel. For the challenge, we have access to an XML file called data.xml containing the following information: <company> <department id="1" name="Confidential"> <employee> <name>Confidential</name> <id>EMP007</id> <details> <position>Confidential</position> <selfDestructCode>p_ctf{fake_flag}</selfDestructCode> </details> </employee> </department> </company> Access to the different tabs is allowed but does not contain useful information or input fields....

February 9, 2025 · 5 min · HitCat

[Nullcon HackIM CTF Goa 2025][Web] Sess.io

Introduction Context Explanation The Sess.io challenge is an interesting Capture The Flag (CTF) problem that tests knowledge in exploiting pseudo-random number generation (PRNG) weaknesses, seed reversibility, and cryptographic manipulation. The challenge presents a minimalist web page where users can sign up by providing a username and a password. The “magic” happens in the backend, where the user-provided credentials are used to generate a session ID that is tightly coupled with the system’s flag....

February 3, 2025 · 18 min · HitCat

[Intro][PwnMe 2023][OSINT] Social Media Goes Brrrr

Introduction This challenge is an OSINT challenge from the PWNME CTF. Context explanation John Droper is a Franco-British individual who leaves an enormous digital footprint. (Note: He speaks both English and French, and some information can only be found through one of these languages.) Directive You have to find one of his main social media Solution So here we have only one piece of information about the person: his name. So we will have to search for it on the internet....

May 7, 2023 · 1 min · HitCat

[Intro][PwnMe 2023][Web] Tree Viewer

Introduction This is a WEB challenge from the PWNME CTF. Context Explanation Here, you can check the content present on the server. Prompt Find a way to abuse this functionality and read the contents of the flag.txt file. Solution This is the challenge homepage. What I noticed immediately is the <?= shell_exec('ls '.$parsed); ?> present in the source code. If we can control the $parsed variable, we can execute commands....

May 7, 2023 · 1 min · HitCat

[Easy][HeroCTF v5][Web] Best School

HeroCTF v5 Write-Up Web Easy - Best School Description: An anonymous company has decided to publish a ranking of the best schools, based on the number of clicks on a button! Make sure to put the 'Flag CyberSecurity School' in first place and you will get your reward! We arrive on a page that displays a list of schools with the number of votes. We can vote for a school by clicking on the I'm at this school button next to the school....

7 min · HitCat

[Pragyan CTF'2025][Web] Birthday Card

Introduction The website consists of a single page for generating birthday cards. It features a form with 4 fields: sender, recipient, message, and message_final. Upon submitting the form, a card is generated and displayed on the page with the entered values. Context Explanation We had access to the application’s source code, which is as follows: from flask import Flask, request, jsonify, abort, render_template_string, session, redirect import builtins as _b import sys import os app = Flask(__name__) app....

February 9, 2025 · 6 min · HitCat

[Nullcon HackIM CTF Goa 2025][Web] Temptation

Introduction Context Explanation The “Temptation” challenge is a web application security exercise focusing on template injection vulnerabilities in Python web applications. Directive The goal is to retrieve a flag by exploiting vulnerabilities in the web application. Solution Analyzing source code First, we need to retrieve the application’s source code. The webpage contains a hidden comment suggesting to look at /?source. <html> <head> <title>Temptation</title> </head> <body> <h1>Temptation challenge</h1> <form action="/" method="POST"> <table> <tr> <th> <label for="temptation">What is your temptation?...

February 3, 2025 · 3 min · HitCat

[Easy][PwnMe 2023][OSINT] Newbie Dev

Introduction This challenge is an OSINT challenge from PWNME CTF. Context Explanation To understand the context of the challenge, refer to the introduction challenge description. Task As a budding developer, find information about this undeveloped passion. Solution On John Droper’s Facebook profile, we can see that he has a username: jdthetraveller. We keep this in mind for later. On his feed, we have information about his username. He says that he chose it on AFNIC, which is a domain name registry solution....

May 7, 2023 · 2 min · HitCat

[Easy][PwnMe 2023][Web] QRDoor Code

Introduction This challenge is a WEB challenge from the PWNME 2023 CTF. Background explanation A company needs a website to generate a QR Code. They asked a freelancer to do this work. Since the website went live, they have noticed strange behavior on their server. They need your help to audit their code and help them solve their problem. Directive The flag is located in /app/flag.txt. Solution The website’s sources are available for download here....

May 7, 2023 · 4 min · HitCat

[Easy][HeroCTF v5][Web] Referrrrer

Introduction Bypass the security of a website that implements Referer-based authentication. Solution By looking at the challenge sources, we find two folders: app and nginx. In the nginx folder, we find an nginx.conf file that contains the server’s configuration. worker_processes auto; events { worker_connections 128; } http { charset utf-8; access_log /dev/stdout; error_log /dev/stdout; upstream express_app { server app:3000; } server { listen 80; server_name example....

4 min · HitCat