Web Exploitation

Insp3ct0r [50 pts]

Description

Kishor Balan tipped us off that the following code may need inspection: https://jupiter.challenges.picoctf.org/problem/41511/ (link) or http://jupiter.challenges.picoctf.org:41511

Solution

The title hints at using Inspect Element. I decided to save the whole page and search through it locally. That gives three files, css.css [useless], mycss.css, and myjs.js, plus of course a file for the HTML page. Looking through each file, the flag was in the comments.

Flag: picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?832b0699}

where are the robots [100 pts]

Description

Can you find the robots? https://jupiter.challenges.picoctf.org/problem/36474/ (link) or http://jupiter.challenges.picoctf.org:36474

Solution

The robots file (robots.txt) is a well-known file that tells web crawlers which paths they should or should not visit when indexing a website. Going to this URL revealed the file/path to visit for the flag: https://jupiter.challenges.picoctf.org/problem/36474/robots.txt

Flag: picoCTF{ca1cu1at1ng_Mach1n3s_477ce}

logon [100 pts]

Description

The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at? https://jupiter.challenges.picoctf.org/problem/13594/ (link) or http://jupiter.challenges.picoctf.org:13594

Solution

At first, we are given a username and password form. Of course, I tried admin, admin, and that logged in to the no-flag screen. I then logged out and did a which also logged in. I realized that the form was not the challenge; it was other parts of the message. I sent a fake form and found an interesting variable when requesting the /flag page.

Admin existed and was set to false. Turning that to true revealed the flag.

Flag: picoCTF{th3_c0nsp1r4cy_l1v3s_d1c24fef}
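The logon flaw comes down to the server trusting an `admin` value that the client holds and can change. The following is an added example, not code from the challenge or from this write-up, showing that weak check beside a hardened one that only honours a value the server has signed. The cookie names `admin` and `session`, the key, and the token layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key for this example; a real service loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)


def is_admin_unsafe(cookies: dict) -> bool:
    """Weak pattern: the authorization decision is read from a client-supplied value."""
    return cookies.get("admin", "False") == "True"


def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(username: str, admin: bool) -> str:
    """Server-issued value 'username|admin_bit|tag' (hypothetical layout)."""
    if "|" in username:
        raise ValueError("separator not allowed in username")
    payload = f"{username}|{int(admin)}"
    return f"{payload}|{_tag(payload)}"


def is_admin_safe(cookies: dict) -> bool:
    """Hardened pattern: honour the admin bit only if the server's HMAC tag verifies."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:
        return False  # malformed or missing: fail closed
    username, admin_bit, tag = parts
    expected = _tag(f"{username}|{admin_bit}")
    # Constant-time comparison on bytes so odd client input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    return admin_bit == "1"


if __name__ == "__main__":
    # Constructed requests: one with an edited flag, one with an edited signed value.
    print("unsafe check, edited flag:", is_admin_unsafe({"admin": "True"}))
    token = issue_session("joe", admin=False)
    edited = token.replace("joe|0|", "joe|1|", 1)
    print("safe check, edited token:", is_admin_safe({"session": edited}))
    print("safe check, real admin:", is_admin_safe({"session": issue_session("root", True)}))
```

Keeping the role in server-side session state keyed by a random session ID avoids sending the flag to the client at all.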

dont-use-client-side [100 pts] [Not Solved]

Description

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/37821/ (link) or http://jupiter.challenges.picoctf.org:37821

Solution

a

Flag:

picobrowser [200 pts] [Not Solved]

Description

This website can be rendered only by picobrowser, go and catch the flag! https://jupiter.challenges.picoctf.org/problem/26704/ (link) or http://jupiter.challenges.picoctf.org:26704

Solution

a

Flag:

Client-side-again [200 pts] [Not Solved]

Description

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/56816/ (link) or http://jupiter.challenges.picoctf.org:56816

Solution

a

Flag:

Irish-Name-Repo 1 [300 pts] [Not Solved]

Description

There is a website running at https://jupiter.challenges.picoctf.org/problem/33850/ (link) or http://jupiter.challenges.picoctf.org:33850. Do you think you can log us in? Try to see if you can login!

Solution

a

Flag:

Irish-Name-Repo 2 [350 pts] [Not Solved]

Description

There is a website running at https://jupiter.challenges.picoctf.org/problem/64649/ (link). Someone has bypassed the login before, and now it's being strengthened. Try to see if you can still login! or http://jupiter.challenges.picoctf.org:64649

Solution

a

Flag:

Irish-Name-Repo 3 [400 pts] [Not Solved]

Description

There is a secure website running at https://jupiter.challenges.picoctf.org/problem/54253/ (link) or http://jupiter.challenges.picoctf.org:54253. Try to see if you can login as admin!

Solution

a

Flag:

JaWT Scratchpad [400 pts] [Not Solved]

Description

Check the admin scratchpad! https://jupiter.challenges.picoctf.org/problem/63090/ or http://jupiter.challenges.picoctf.org:63090

Solution

a

Flag:

Java Script Kiddie [400 pts] [Not Solved]

Description

The image link appears broken... https://jupiter.challenges.picoctf.org/problem/58112 or http://jupiter.challenges.picoctf.org:58112

Solution

a

Flag:

Java Script Kiddie 2 [450 pts] [Not Solved]

Description

The image link appears broken... twice as badly... https://jupiter.challenges.picoctf.org/problem/42899 or http://jupiter.challenges.picoctf.org:42899

Solution

a

Flag:
