Programming errors, Python pollution, template injection, command injection, … The Web challenges of PwnMe 2023 were varied and interesting.
Introduction This is a WEB challenge from the PWNME CTF.
Context Explanation Here, you can check the content present on the server.
Prompt Find a way to abuse this functionality and read the contents of the flag.txt file.
Solution This is the challenge homepage.
What I noticed immediately is the <?= shell_exec('ls '.$parsed); ?> present in the source code.
If we can control the $parsed variable, we can execute commands....
Introduction This challenge is a WEB challenge from the PWNME 2023 CTF.
Background explanation A company needs a website to generate a QR Code. They asked a freelancer to do this work.
Since the website went live, they have noticed strange behavior on their server.
They need your help to audit their code and help them solve their problem.
Directive The flag is located in /app/flag.txt.
Solution The website's sources are available for download here....
Introduction This challenge is a WEB challenge from the PWNME 2023 CTF.
Context explanation A pro player challenges you in a new game. They have spent a lot of time on it and achieved an extremely high score.
Directive Your goal is to beat them by any means necessary.
Solution The challenge is a game where you must move a ship to avoid shots and fire at enemies.
The player you must beat is Eteck, the challenge creator, who has a score of 1337420....
Introduction This challenge is a WEB challenge from the PWNME CTF.
Context Explanation A company needs a website to generate a QR Code. They asked a freelancer to do the job.
Since the website went live, they noticed strange behavior on their server.
They need you to audit their code and help them fix their problem.
Directive The flag is located in /app/flag.txt
Solution The web application to test is a blog that allows you to create articles and display them....