I forgot about this CTF, and when I remembered, I had only the last hour left.
So I solved only the web challenges. These are beginner-friendly challenges, and I will show you how to solve them with Python, for beginners who want to learn Python. I won’t show the easy challenges like a flag in robots.txt; I only show some interesting challenges. So let’s get started.
Under Development (50)
The web page looked like this:
In the source code:
So we know that this challenge is related to cookies. Let’s look at the cookies with a cookie editor.
Decode that value:
We need to change this value to admin. Let’s create a Python script :)
Run it and get the flag :)
Collide (100)
Web Page:
As the source code shows, we need to send a request with the shell and pwn parameters, and their values must be different but have the same hash. I found this writeup: SHA-256-Collision. Let’s create a Python script.
Python Script:
Fun with Tokens (450)
Web Page:
In the source code:
In /admin we get back a JSON response. When I go to /adminNames,
I get a file. Let’s look at this file:
I got a username and password:
0xd4127c3c #pass
din_djarin11 # username
Go to the login page and log in with these credentials. After login, look at the response headers:
We got a JWT token. Let’s decode it with jwt.io.
When decoding is done, it shows us the username and password in rot13, and admin:snyfr (false in rot13). So we need to change it to true (gehr in rot13). Now our token looks like this:
Copy that token and let’s create a Python script :)
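What the rot13 claim edit looks like from the server side, as an added example (not the author's script and not the challenge's code): the payload can be read and changed without any key, and only a signature check with a pinned algorithm rejects the edited token. The HS256 algorithm, the key, and the claim layout are assumptions built for the demo; only the username and the snyfr/gehr values come from the steps above.

```python
import base64, codecs, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(payload: dict, key: bytes) -> str:
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def read_claims(token: str) -> dict:
    # No key needed: the payload is only base64url, and rot13 is an encoding, not protection.
    payload = json.loads(b64url_decode(token.split(".")[1]))
    return {k: codecs.decode(v, "rot13") if isinstance(v, str) else v
            for k, v in payload.items()}

def swap_payload(token: str, payload: dict) -> str:
    # Replace the payload but keep the original header and signature.
    head, _, sig = token.split(".")
    return ".".join([head, encode_part(payload), sig])

def verify_hs256(token: str, key: bytes) -> bool:
    # What the server must do before trusting any claim.
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return False  # pin the algorithm; never accept what the token asks for
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, b64url_decode(sig))
    except (ValueError, AttributeError):
        return False

KEY = b"constructed-demo-key"  # constructed; the real key is not on the page
USER = codecs.encode("din_djarin11", "rot13")
ISSUED = sign_hs256({"username": USER, "admin": "snyfr"}, KEY)
EDITED = swap_payload(ISSUED, {"username": USER, "admin": "gehr"})

if __name__ == "__main__":
    print(read_claims(ISSUED), verify_hs256(ISSUED, KEY))
    print(read_claims(EDITED), verify_hs256(EDITED, KEY))
```
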
That’s all. Thanks for reading, see you in the next post :)