WEB – Dolla Dolla Dillz

Dolla Dolla Dillz Writeup by Srdnlen Category: WEB. Solves: 8 Points: 200 Description: (=^・ω・^=) http://dillz.wpictf.xyz made by: ollien Note: cataas.com is NOT part of this challenge Writeup The website looks pretty simple in the frontend, we have a login form and a registration form in which we tried some injections that didn’t work, after we

Continue reading “WEB – Dolla Dolla Dillz”

Web – cereal hacker 2

cereal hacker 2 – 500pt Challenge Get the admin’s password. https://2019shell1.picoctf.com/problem/62195/ or http://2019shell1.picoctf.com:62195 Hints No hints Solution It is a little bit different and harder than the previous challenge, in fact it is a local file inclusion exploit; the problem was that the server appended .php after the name of the file parameter on the

Continue reading “Web – cereal hacker 2”

Web – cereal hacker 1

cereal hacker 1 – 450pt Challenge Login as admin. https://2019shell1.picoctf.com/problem/49879/ or http://2019shell1.picoctf.com:49879 Hints No hints Solution After a quick check on the code I tried to exploit the file parameter on the URL, but with no result; after a lot of guessing we figured out one page name: admin. It will be fundamental later. After

Continue reading “Web – cereal hacker 1”

Web – open-to-admins

Open-to-admins – 200pt Challenge This secure website allows users to access the flag only if they are admin and if the time is exactly 1400. https://2019shell1.picoctf.com/problem/32249/ or http://2019shell1.picoctf.com:32249 Hints Can cookies help you to get the flag? Solution After a ton of research and testing I found out that it was a lot easier than

Continue reading “Web – open-to-admins”

Web – Client-side-again

Client-side-again – 200pt Challenge Can you break into this super secure portal? https://2019shell1.picoctf.com/problem/47277/ (link) or http://2019shell1.picoctf.com:47277 Hints What is obfuscation? Solution This challenge is very similar to dont-use-client-side: we have a very simple page with a password verification, and if we inspect the page we can find an embedded JS script which is very messy. We

Continue reading “Web – Client-side-again”

Web – picobrowser

picobrowser – 200pt Challenge This website can be rendered only by picobrowser, go and catch the flag! https://2019shell1.picoctf.com/problem/45071/ (link) or http://2019shell1.picoctf.com:45071 Hints You don’t need to download a new web browser Solution When we connect to the website we can see a big green “flag” button but if we press it we get an error

Continue reading “Web – picobrowser”

Web – Empire3

Empire3 – 500pt Challenge Agent 513! One of your dastardly colleagues is laughing very sinisterly! Can you access his todo list and discover his nefarious plans? https://2019shell1.picoctf.com/problem/32252/ (link) or http://2019shell1.picoctf.com:32252 Hints Pay attention to the feedback you get There is very limited filtering in place – this to stop you from breaking the challenge for

Continue reading “Web – Empire3”

Web – Empire2

Empire2 – 450pt Challenge Well done, Agent 513! Our sources say Evil Empire Co is passing secrets around when you log in: https://2019shell1.picoctf.com/problem/40536/ (link), can you help us find it? or http://2019shell1.picoctf.com:40536 Hints Pay attention to the feedback you get There is very limited filtering in place – this to stop you from breaking the

Continue reading “Web – Empire2”

Web – Empire1

Empire1 – 400pt Challenge Psst, Agent 513, now that you’re an employee of Evil Empire Co., try to get their secrets off the company website. https://2019shell1.picoctf.com/problem/27357/ (link) Can you first find the secret code they assigned to you? or http://2019shell1.picoctf.com:27357 Hints Pay attention to the feedback you get There is very limited filtering in place

Continue reading “Web – Empire1”