MasterWard Profile
  • Introduction
  • Media Links
  • Resume
  • HackThebox Notes
    • RedPanda
    • Metatwo
  • CTF Contest Writeups
    • 2017
      • Takoma Park CTF
      • TUCTF 2017
      • HITCON CTF 2017 Quals
      • CSAW CTF Qualification Round 2017
      • SEC-T CTF
      • Backdoor CTF 2017
      • Hack Dat Kiwi 2017
      • Kaspersky 2017
      • Hack.lu 2017
      • HackCon 2017
      • Defcamp 2017
      • Square CTF 2017
      • Mitre 2017
      • EKOPARTY CTF 2017
    • 2018
      • SEC-T CTF
      • Hackcon 2018
      • EasyCTF IV 2018
      • DefCamp CTF Qualifiers
      • PACTF 2018
      • CSAW CTF Qualifiers 2018
      • PicoCTF 2018
    • 2019
      • Newark Academy CTF 2019
      • Crypto CTF 2019
      • PicoCTF 2019
        • General Skills
        • Binary Exploitations
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • TAMUctf 19
    • 2021
      • picoCTF 2021
        • General Skills
        • Binary Exploitation
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • HackiHoli
      • S.H.E.L.L CTF
      • DawgCTF 2021
      • TCTF 2021
      • RedPwnCTF 2021
      • IJCTF 2021
      • UIUCTF 2021
      • Really Awesome CTF 2021
      • TMUCTF 2021
      • CSAW Qualifiers 2021
      • Pbjar CTF 2021
      • Deadface CTF 2021
    • 2022
      • NahamCon CTF 2022
      • BYUCTF 2022
      • DEF CON Qualifiers 2022
    • Useful Code
  • Software
    • Video Standardization and Compression
    • TOBIAS
    • Tracking Phone
    • Image Compression
    • Do Not Call Database
    • Color Blind Simulator
    • Gmail Unsubscriber
    • MP4 to GIF Converter
    • Optical Character Reading
    • Soft Jobs
    • OBD Project
    • Online Movie Finder
    • Work In Progress
      • Incremental Backup
      • Web Scraper - Wallpaper Edition
      • Web Blocker
      • File Manipulator
      • AppFiller
      • Cyber Security Projects
      • Bsaber AI
    • Ideas
      • CAN Programming
      • Malicious Programs
      • Remove Yourself from the Internet
      • DNA Classic
      • Auto Clicker
      • Adding Depth to a Video
      • Collage Mosaic Generator
      • Game Destroyer
      • Hearing aid Technology
      • Sign Language Recognition
      • Text Summarizer
      • Video to audio to text
      • Video Object Detection
      • VR demonstration
      • More Ideas to Elaborate on
    • Failure
      • Police Camera Radar
      • Already Created
      • Google Maps Game
      • Car price prediction
      • Bullshit Detector
      • Automated Code writter
      • Career Prediction
      • Samsung Remote Control Hack
      • Invalid Finder
      • PiHole Regex Filter
      • Group Archiver
  • Additional Articles
    • Cleaning Up a Computer Tricks
    • Getting started in Cyber Security
    • Speeding Up Your Internet
    • College Experience
    • Currently Writting
      • Reverse Engineering Notes
      • Bug Bounty Guide and Examples
      • OSCP help
      • Job Experience
      • Professional Job-Hunting Experience
Powered by GitBook
On this page
  • Insp3ct0r [50 pts]
  • where are the robots [100 pts]
  • logon [100 pts]
  • dont-use-client-side [100 pts] [Not Solved]
  • picobrowser [200 pts] [Not Solved]
  • Client-side-again [200 pts] [Not Solved]
  • Irish-Name-Repo 1 [300 pts] [Not Solved]
  • Irish-Name-Repo 2 [350 pts] [Not Solved]
  • Irish-Name-Repo 3 [400 pts] [Not Solved]
  • JaWT Scratchpad [400 pts] [Not Solved]
  • Java Script Kiddie [400 pts] [Not Solved]
  • Java Script Kiddie 2 [450 pts] [Not Solved]

Was this helpful?

  1. CTF Contest Writeups
  2. 2019
  3. PicoCTF 2019

Web Exploitation

Insp3ct0r [50 pts]

Description

Kishor Balan tipped us off that the following code may need inspection: https://jupiter.challenges.picoctf.org/problem/41511/ (link) or http://jupiter.challenges.picoctf.org:41511

Solution

As the title suggests towards using the Inspect element. I decided to save the whole page and search through it locally. It gives 3 files css.css [useless], mycss.css, myjs.js, and then of course a file for the HTML page. Looking through each file, in the comments was the flag.

Flag: picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?832b0699}

where are the robots [100 pts]

Description

Can you find the robots? https://jupiter.challenges.picoctf.org/problem/36474/ (link) or http://jupiter.challenges.picoctf.org:36474

Solution

The robots file is a trivial common-known file that displays what web crawlers are looking at when indexing a website. So going to this URL revealed the file/path to go-to for the flag.https://jupiter.challenges.picoctf.org/problem/36474/robots.txt

Flag: picoCTF{ca1cu1at1ng_Mach1n3s_477ce}

logon [100 pts]

Description

The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at? https://jupiter.challenges.picoctf.org/problem/13594/ (link) or http://jupiter.challenges.picoctf.org:13594

Solution

At first, we are given a username and password form. Of course, I tried admin, admin and that logged in to the no flag screen. I then logged out and did a which also logged in. I realized that the form was not the challenge it was other parts of the message. I sent a fake form and found an interesting variable when requesting the /flag page.

Admin existed and was set to false. Turning that true revealed the flag.

Flag: picoCTF{th3_c0nsp1r4cy_l1v3s_d1c24fef}

dont-use-client-side [100 pts] [Not Solved]

Description

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/37821/ (link) or http://jupiter.challenges.picoctf.org:37821

Solution

a

Flag:

picobrowser [200 pts] [Not Solved]

Description

This website can be rendered only by picobrowser, go and catch the flag! https://jupiter.challenges.picoctf.org/problem/26704/ (link) or http://jupiter.challenges.picoctf.org:26704

Solution

a

Flag:

Client-side-again [200 pts] [Not Solved]

Description

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/56816/ (link) or http://jupiter.challenges.picoctf.org:56816

Solution

a

Flag:

Irish-Name-Repo 1 [300 pts] [Not Solved]

Description

There is a website running at https://jupiter.challenges.picoctf.org/problem/33850/ (link) or http://jupiter.challenges.picoctf.org:33850. Do you think you can log us in? Try to see if you can login!

Solution

a

Flag:

Irish-Name-Repo 2 [350 pts] [Not Solved]

Description

There is a website running at https://jupiter.challenges.picoctf.org/problem/64649/ (link). Someone has bypassed the login before, and now it's being strengthened. Try to see if you can still login! or http://jupiter.challenges.picoctf.org:64649

Solution

a

Flag:

Irish-Name-Repo 3 [400 pts] [Not Solved]

Description

There is a secure website running at https://jupiter.challenges.picoctf.org/problem/54253/ (link) or http://jupiter.challenges.picoctf.org:54253. Try to see if you can login as admin!

Solution

a

Flag:

JaWT Scratchpad [400 pts] [Not Solved]

Description

Check the admin scratchpad! https://jupiter.challenges.picoctf.org/problem/63090/ or http://jupiter.challenges.picoctf.org:63090

Solution

a

Flag:

Java Script Kiddie [400 pts] [Not Solved]

Description

The image link appears broken... https://jupiter.challenges.picoctf.org/problem/58112 or http://jupiter.challenges.picoctf.org:58112

Solution

a

Flag:

Java Script Kiddie 2 [450 pts] [Not Solved]

Description

The image link appears broken... twice as badly... https://jupiter.challenges.picoctf.org/problem/42899 or http://jupiter.challenges.picoctf.org:42899

Solution

a

Flag:

PreviousCryptographyNextTAMUctf 19

Last updated 3 years ago

Was this helpful?