Web Exploitation
Description
Kishor Balan tipped us off that the following code may need inspection:
https://jupiter.challenges.picoctf.org/problem/41511/ or http://jupiter.challenges.picoctf.org:41511
Solution
As the title suggests using Inspect Element, I decided to save the whole page and search through it locally. It gives 3 files: css.css [useless], mycss.css, myjs.js, and then of course a file for the HTML page. Looking through each file, the flag was in the comments.
Flag: picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?832b0699}
Description
Can you find the robots?
https://jupiter.challenges.picoctf.org/problem/36474/ or http://jupiter.challenges.picoctf.org:36474
Solution
The robots file is a common, well-known file that tells web crawlers what to look at when indexing a website. Going to this URL revealed the file/path to go to for the flag: https://jupiter.challenges.picoctf.org/problem/36474/robots.txt
Flag: picoCTF{ca1cu1at1ng_Mach1n3s_477ce}
Description
The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at?
https://jupiter.challenges.picoctf.org/problem/13594/ or http://jupiter.challenges.picoctf.org:13594
Solution
At first, we are given a username and password form. Of course, I tried admin, admin and that logged in to the no flag screen. I then logged out and did a which also logged in. I realized that the form was not the challenge; it was other parts of the message. I sent a fake form and found an interesting variable when requesting the /flag page.
Admin existed and was set to false. Turning that to true revealed the flag.
Flag: picoCTF{th3_c0nsp1r4cy_l1v3s_d1c24fef}
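The root cause in this challenge is that the server takes an authorization decision from a value the client can edit. The following is an added example, not code from the challenge or the original write-up: it contrasts that check with one that only accepts a server-signed role. It assumes the variable is a cookie named admin; the function names, cookie layout and sample headers are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key; a real deployment loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def parse_cookies(header: str) -> dict:
    """Split a Cookie header ('a=1; b=2') into a dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}


def is_admin_vulnerable(cookie_header: str) -> bool:
    """The flaw: authorization comes from a value the client can edit."""
    return parse_cookies(cookie_header).get("admin", "False") == "True"


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(username: str, admin: bool) -> str:
    """Hardened: the server decides the role and signs it with its own key."""
    payload = f"{username}|{int(admin)}"
    return f"session={payload}|{_sign(payload)}"


def is_admin_hardened(cookie_header: str) -> bool:
    """Accept the role only if the signature over it verifies."""
    session = parse_cookies(cookie_header).get("session", "")
    payload, _, tag = session.rpartition("|")
    # Compare as bytes so a non-ASCII tag is rejected instead of raising.
    if not payload or not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
        return False  # missing, malformed, or tampered cookie
    return payload.rpartition("|")[2] == "1"


if __name__ == "__main__":
    # Constructed request headers, not captured traffic.
    print("client-set flag accepted:", is_admin_vulnerable("username=joe; admin=True"))
    joe = issue_session("joe", admin=False)
    tampered = joe.replace("joe|0|", "joe|1|")  # role edited, old signature kept
    print("signed cookie, untouched:", is_admin_hardened(joe))
    print("signed cookie, role edited:", is_admin_hardened(tampered))
```

Signing only protects integrity; keeping the role in a server-side session keyed by an opaque ID avoids sending it to the client at all.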
Description
Check the admin scratchpad!
https://jupiter.challenges.picoctf.org/problem/63090/
or http://jupiter.challenges.picoctf.org:63090
Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/37821/ or http://jupiter.challenges.picoctf.org:37821
This website can be rendered only by picobrowser, go and catch the flag! https://jupiter.challenges.picoctf.org/problem/26704/ or http://jupiter.challenges.picoctf.org:26704
Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/56816/ or http://jupiter.challenges.picoctf.org:56816
There is a website running at https://jupiter.challenges.picoctf.org/problem/33850/ or http://jupiter.challenges.picoctf.org:33850. Do you think you can log us in? Try to see if you can login!
There is a website running at https://jupiter.challenges.picoctf.org/problem/64649/ or http://jupiter.challenges.picoctf.org:64649. Someone has bypassed the login before, and now it's being strengthened. Try to see if you can still login!
There is a secure website running at https://jupiter.challenges.picoctf.org/problem/54253/ or http://jupiter.challenges.picoctf.org:54253. Try to see if you can login as admin!
The image link appears broken... or
The image link appears broken... twice as badly... or