[Easy][HeroCTF v5][Web] Best School

HeroCTF v5 Write-Up Web Easy - Best School Description: An anonymous company has decided to publish a ranking of the best schools, based on the number of clicks on a button! Make sure to put the 'Flag CyberSecurity School' in first place and you will get your reward! We arrive on a page that displays a list of schools with the number of votes. We can vote for a school by clicking on the I'm at this school button next to the school....

7 min · HitCat

[Easy][HeroCTF v5][Web] Referrrrer

Introduction Bypass the security of a website that implements Referer-based authentication. Solution By looking at the challenge sources, we find two folders: app and nginx. In the nginx folder, we find an nginx.conf file that contains the server’s configuration. worker_processes auto; events { worker_connections 128; } http { charset utf-8; access_log /dev/stdout; error_log /dev/stdout; upstream express_app { server app:3000; } server { listen 80; server_name example....

4 min · HitCat

[Easy][HeroCTF v5][Web] Drink from my Flask #1

Introduction One of your friends had an argument with a Flask developer. He tried to handle it on his own, but he ended up hitting a roadblock… Can you put your hacking skills to use and help him out? You should probably be able to access the server hosting your target’s latest project, right? I heard they make a lot of programming mistakes… Solution When we launch the challenge, we arrive at an error page that says:...

7 min · HitCat

[Medium][HeroCTF v5][Web] Blogodogo #1

Introduction Try to access the content of the admin user’s secret note. Solution The challenge is a blog with authentication. On the homepage, we can see several posts from different users, and in the header, it says A community of 8 authors. By clicking on the name of one user, for example, lolo, who is the author of the first article, we are taken to the user’s profile page. Non-essential note for exploiting the challenge: After launching multiple instances, I realized that the 8 users are always the same: admin, bob, alice, and 5 other random users (lolo, tata, toto, …)....

7 min · HitCat

[Medium][HeroCTF v5][Web] Blogodogo #2

Introduction Log in to the admin account and retrieve the flag. Prerequisites Completed the challenge Blogodogo #1 The referral token 83d99a0ac225079db31b44a2e58b19f0 to create an account. Solution After successfully completing the previous challenge, Blogodogo #1, we obtain a referral code that allows us to create an account. This allows us to create an account with the credentials test:test. In the challenge sources, there is a directory called /bot which simulates an administrator’s connection and clicks on a link passed as a parameter:...

9 min · HitCat