Tag: Web Exploitation
-
picoCTF 2022 | SQLiLite Write-up
Can you login to this website? Category: Web Exploitation An unexpectedly fast challenge for me, which was admittedly rather anti-climatic. Regardless, we begin the challenge by launching the instance and visiting the website. We are presented with a login form. The challenge’s hint says that we want to be logged in as admin. That leaves…
-
picoCTF 2022 | SQL Direct Write-up
Connect to this PostgreSQL server and find the flag! Category: Web Exploitation You have to first launch the challenge instance to receive further instructions. For me, the first step is finding and installing PostgreSQL on my own machine. Next, follow the provided instructions to log into the database server. This being my first time using…
-
picoCTF 2022 | Secrets Write-up
We have several pages hidden. Can you find the one with the flag? The website is running here. Category: Web Exploitation I felt like I took way more time solving this than I should have, but perhaps I needed a refreshed mind to think efficiently. Regardless, the first step is always the same, let’s inspect…
-
picoCTF 2022 | Roboto Sans Write-up
The flag is somewhere on this web application not necessarily on the website. Find it. Check this out. Category: Web Exploitation While the challenge’s title is indeed the name of a popular font, this is a clever pun, hinting towards the main target of the challenge: the robots.txt file. robots.txt is a file used to…
-
picoCTF 2022 | Power Cookie Write-up
Can you get the flag? Go to this website and see what you can discover. Category: Web Exploitation This is the first cookie-based challenge of the 2022 batch, and a simple one to start off with. Let’s get started by going to the website in the challenge description, and pressing “Continue as guest”. At this…
-
picoCTF 2022 | Forbidden Paths Write-up
Can you get the flag? Here’s the website. We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag? Category: Web Exploitation First, I tried to input /flag.txt, but that sadly doesn’t work.…
-
picoCTF 2022 | Search Source Write-up
The developer of this website mistakenly left an important artifact in the website source, can you find it? The website is here Category: Web Exploitation The flag is located in a comment in the style.css file. You can get lucky while manually looking for it while inspecting the source.But, the better solution is to clone…
-
picoCTF 2022 | Local Authority Write-up
Can you get the flag? Go to this website and see what you can discover. Category: Web Exploitation Inspecting the website’s source, we can find the login.php file responsible for managing the login form: Inspecting that file itself, we find inside it a javascript file called secure.js: Finally, inside it, we can find the credentials…
-
picoCTF 2022 | Includes Write-up
Can you get the flag? Go to this website and see what you can discover. Category: Web Exploitation With these types of challenges, the first step tends to be to inspect the website source and see if anything is hidden in the HTML: The next step would be to check the .css and .js files.…
Duy's Tinkerings 