# Web Exploitation

### Insp3ct0r \[50 pts]

> **Description**
>
> Kishor Balan tipped us off that the following code may need inspection: `https://jupiter.challenges.picoctf.org/problem/41511/` ([link](https://jupiter.challenges.picoctf.org/problem/41511/)) or <http://jupiter.challenges.picoctf.org:41511>

**Solution**

The title suggests using Inspect Element. I decided to save the whole page and search through it locally. It gives 3 files, css.css \[useless], mycss.css and myjs.js, and then of course a file for the HTML page. Looking through each file, the flag was in the comments.

**Flag: picoCTF{tru3\_d3t3ct1ve\_0r\_ju5t\_lucky?832b0699}**
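The same search can be run as a pre-deployment check on a site's own assets. This is an added example, not part of the original write-up; the file contents are constructed and the keyword list is an assumption to tune per project.

```python
import re

# Comment syntaxes for the three kinds of file a saved page contains.
COMMENT_PATTERNS = {
    ".html": [re.compile(r"<!--(.*?)-->", re.S)],
    ".css": [re.compile(r"/\*(.*?)\*/", re.S)],
    # Heuristic for JS: block comments, plus // not preceded by ':' or a
    # quote, so that URLs such as http://... are not reported.
    ".js": [re.compile(r"/\*(.*?)\*/", re.S),
            re.compile(r"(?<![:\"'])//([^\n]*)")],
}

def extract_comments(name, text):
    """Return sorted (line_number, comment_text) pairs for one asset."""
    ext = name[name.rfind("."):].lower()
    found = []
    for pattern in COMMENT_PATTERNS.get(ext, []):
        for m in pattern.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            found.append((line, " ".join(m.group(1).split())))
    return sorted(found)

def audit(assets, suspicious=re.compile(r"flag|password|secret|todo|key", re.I)):
    """Report comments in shipped assets that match the suspicious pattern."""
    hits = []
    for name, text in assets.items():
        for line, comment in extract_comments(name, text):
            if suspicious.search(comment):
                hits.append((name, line, comment))
    return hits

# Constructed sample assets (not the challenge's real files).
SAMPLE_ASSETS = {
    "index.html": "<html>\n<body>\n<!-- the secret starts: EXAMPLE{aaa -->\n</body>\n</html>\n",
    "mycss.css": "body { color: #000; }\n/* the secret continues: bbb */\n",
    "myjs.js": "var u = 'http://example.test/a';\n// the secret ends: ccc}\n"
               "function f() { return 1; } /* layout helper */\n",
}

if __name__ == "__main__":
    for name, line, comment in audit(SAMPLE_ASSETS):
        print(f"{name}:{line}: {comment}")
```
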

### where are the robots \[100 pts]

> **Description**
>
> Can you find the robots? `https://jupiter.challenges.picoctf.org/problem/36474/` ([link](https://jupiter.challenges.picoctf.org/problem/36474/)) or <http://jupiter.challenges.picoctf.org:36474>

**Solution**

The robots file is a commonly known file that tells web crawlers which paths they should or should not visit when indexing a website. Anyone can read it, so going to this URL revealed the file/path to go to for the flag: `https://jupiter.challenges.picoctf.org/problem/36474/robots.txt`

**Flag: picoCTF{ca1cu1at1ng\_Mach1n3s\_477ce}**
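Because robots.txt is world-readable, every `Disallow` entry is also a published path. The following added example (not from the original write-up) parses a robots.txt and lists the paths it discloses, as a review step for a site's own file; the sample content and paths are constructed.

```python
def parse_robots(text):
    """Parse robots.txt into {user_agent: {"allow": [...], "disallow": [...]}}."""
    rules, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # rule lines ended the last group
                agents, in_rules = [], False
            agents.append(value.lower())
            rules.setdefault(value.lower(), {"allow": [], "disallow": []})
        elif field in ("allow", "disallow") and agents:
            in_rules = True
            if value:                            # empty Disallow disallows nothing
                for agent in agents:
                    rules[agent][field].append(value)
    return rules

def disclosed_paths(text):
    """Disallowed paths other than '/': each is visible to anyone who reads the file."""
    out = []
    for group in parse_robots(text).values():
        for path in group["disallow"]:
            if path != "/" and path not in out:
                out.append(path)
    return out

# Constructed sample, not the challenge's real robots.txt.
SAMPLE = """\
# constructed sample
User-agent: *
Disallow: /admin-backup/
Disallow: /internal-report.html   # hidden page

User-agent: examplebot
Disallow: /
"""

if __name__ == "__main__":
    for path in disclosed_paths(SAMPLE):
        print("listed in robots.txt, needs real access control:", path)
```
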

### logon \[100 pts]

> **Description**
>
> The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at? `https://jupiter.challenges.picoctf.org/problem/13594/` ([link](https://jupiter.challenges.picoctf.org/problem/13594/)) or <http://jupiter.challenges.picoctf.org:13594>

**Solution**

At first, we are given a username and password form. Of course, I tried admin, admin and that logged in to the no flag screen. I then logged out and did a which also logged in. I realized that the form was not the challenge; it was other parts of the message. I sent a fake form and found an interesting variable when requesting the /flag page.

![](https://980792987-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Md9Bzo_DCKomMglV10a%2F-MfiP50efo3D5BNebQRG%2F-MfiScRbF4JGxys1Azxs%2Fimage.png?alt=media\&token=30d1b30e-f7c1-4f0a-8882-a5029f939d84)

Admin existed and was set to false. Turning that to true revealed the flag.

**Flag: picoCTF{th3\_c0nsp1r4cy\_l1v3s\_d1c24fef}**
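The flaw is that the server trusted a role value that the client sends back. The added example below (not the challenge's code, and not from the original write-up) puts that check beside one that only accepts a role carrying a server-side HMAC; the cookie names `admin` and `session`, the key and the payload layout are assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: a secret that never leaves the server

def can_view_flag_vulnerable(cookies):
    """Pattern from the write-up: the server believes the client's admin value."""
    return cookies.get("admin", "").lower() == "true"

def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_session(username, is_admin):
    """Server side: bind username and role together under an HMAC tag."""
    payload = f"{username}|{'1' if is_admin else '0'}"
    return {"session": f"{payload}|{_tag(payload)}"}

def can_view_flag_hardened(cookies):
    """Accept the role only if the tag verifies; anything else is non-admin."""
    parts = cookies.get("session", "").rsplit("|", 1)
    if len(parts) != 2:
        return False
    payload, tag = parts
    # Constant-time comparison on bytes; works for any client-supplied text.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return False
    fields = payload.split("|")
    return len(fields) == 2 and fields[1] == "1"

if __name__ == "__main__":
    # Constructed requests: the same edit succeeds against one check only.
    print(can_view_flag_vulnerable({"admin": "True"}))          # True
    session = issue_session("joe", False)
    edited = {"session": session["session"].replace("joe|0", "joe|1", 1)}
    print(can_view_flag_hardened(edited))                       # False
```

Keeping the role in server-side session state and sending only an opaque session identifier removes the value from the client entirely.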

### dont-use-client-side \[100 pts] \[Not Solved]

> **Description**
>
> Can you break into this super secure portal? `https://jupiter.challenges.picoctf.org/problem/37821/` ([link](https://jupiter.challenges.picoctf.org/problem/37821/)) or <http://jupiter.challenges.picoctf.org:37821>

**Solution**

a

**Flag:**

### picobrowser \[200 pts] \[Not Solved]

> **Description**
>
> This website can be rendered only by **picobrowser**, go and catch the flag! `https://jupiter.challenges.picoctf.org/problem/26704/` ([link](https://jupiter.challenges.picoctf.org/problem/26704/)) or <http://jupiter.challenges.picoctf.org:26704>

**Solution**

a

**Flag:**

### Client-side-again \[200 pts] \[Not Solved]

> **Description**
>
> Can you break into this super secure portal? `https://jupiter.challenges.picoctf.org/problem/56816/` ([link](https://jupiter.challenges.picoctf.org/problem/56816/)) or <http://jupiter.challenges.picoctf.org:56816>

**Solution**

a

**Flag:**

### Irish-Name-Repo 1 \[300 pts] \[Not Solved]

> **Description**
>
> There is a website running at `https://jupiter.challenges.picoctf.org/problem/33850/` ([link](https://jupiter.challenges.picoctf.org/problem/33850/)) or <http://jupiter.challenges.picoctf.org:33850>. Do you think you can log us in? Try to see if you can login!

**Solution**

a

**Flag:**

### Irish-Name-Repo 2 \[350 pts] \[Not Solved]

> **Description**
>
> There is a website running at `https://jupiter.challenges.picoctf.org/problem/64649/` ([link](https://jupiter.challenges.picoctf.org/problem/64649/)). Someone has bypassed the login before, and now it's being strengthened. Try to see if you can still login! or <http://jupiter.challenges.picoctf.org:64649>

**Solution**

a

**Flag:**

### Irish-Name-Repo 3 \[400 pts] \[Not Solved]

> **Description**
>
> There is a secure website running at `https://jupiter.challenges.picoctf.org/problem/54253/` ([link](https://jupiter.challenges.picoctf.org/problem/54253/)) or <http://jupiter.challenges.picoctf.org:54253>. Try to see if you can login as admin!

**Solution**

a

**Flag:**

### JaWT Scratchpad \[400 pts] \[Not Solved]

> **Description**
>
> Check the admin scratchpad! `https://jupiter.challenges.picoctf.org/problem/63090/` or <http://jupiter.challenges.picoctf.org:63090>

**Solution**

a

**Flag:**

### Java Script Kiddie \[400 pts] \[Not Solved]

> **Description**
>
> The image link appears broken... <https://jupiter.challenges.picoctf.org/problem/58112> or <http://jupiter.challenges.picoctf.org:58112>

**Solution**

a

**Flag:**

### Java Script Kiddie 2 \[450 pts] \[Not Solved]

> **Description**
>
> The image link appears broken... twice as badly... <https://jupiter.challenges.picoctf.org/problem/42899> or <http://jupiter.challenges.picoctf.org:42899>

**Solution**

a

**Flag:**

