# Web Exploitation

### GET aHEAD \[20 pts] \[Not Solved]

> **Description**
>
> Find the flag being held on this server to get ahead of the competition <http://mercury.picoctf.net:53554/>

**Solution**

a

**Flag:**

### Cookies \[40 pts] \[Not Solved]

> **Description**
>
> Who doesn't love cookies? Try to figure out the best one. <http://mercury.picoctf.net:6418/>

**Solution**

a

**Flag:**

### Scavenger Hunt \[50 pts] \[Not Solved]

> **Description**
>
> There is some interesting information hidden around this site <http://mercury.picoctf.net:27278/>. Can you find it?

**Solution**

a

**Flag:**

### Some Assembly Required 1 \[70 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:1896/index.html>

**Solution**

a

**Flag:**

### More Cookies \[90 pts] \[Not Solved]

> **Description**
>
> I forgot Cookies can Be modified Client-side, so now I decided to encrypt them! <http://mercury.picoctf.net:25992/>

**Solution**

a

**Flag:**

### It is my Birthday \[100 pts] \[Not Solved]

> **Description**
>
> I sent out 2 invitations to all of my friends for my birthday! I'll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn't believe how long it took me to find a collision. Anyway, see if you're invited by submitting 2 PDFs to my website. <http://mercury.picoctf.net:57247/>

**Solution**

a

**Flag:**

### Who are you? \[100 pts] \[Not Solved]

> **Description**
>
> Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn <http://mercury.picoctf.net:39114/>

**Solution**

a

**Flag:**

### Some Assembly Required 2 \[110 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:15406/index.html>

**Solution**

a

**Flag:**

### Super Serial \[130 pts] \[Not Solved]

> **Description**
>
> Try to recover the flag stored on this website <http://mercury.picoctf.net:8404/>

**Solution**

a

**Flag:**

### Most Cookies \[150 pts] \[Not Solved]

> **Description**
>
> Alright, enough of using my own encryption. Flask session cookies should be plenty secure! [server.py](https://mercury.picoctf.net/static/26760321c25c9659050a37a707247690/server.py) <http://mercury.picoctf.net:52134/>

**Solution**

a

**Flag:**

### Some Assembly Required 3 \[160 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:10388/index.html>

**Solution**

a

**Flag:**

### Web Gauntlet 2 \[170 pts] \[Not Solved]

> **Description**
>
> This website looks familiar... Log in as admin Site: <http://mercury.picoctf.net:26215/> Filter: <http://mercury.picoctf.net:26215/filter.php>

**Solution**

a

**Flag:**

### Some Assembly Required 4 \[200 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:43997/index.html>

**Solution**

a

**Flag:**

### X marks the spot \[250 pts] \[Not Solved]

> **Description**
>
> Another login you have to bypass. Maybe you can find an injection that works? <http://mercury.picoctf.net:59946/>

**Solution**

a

**Flag:**

### Web Gauntlet \[300 pts] \[Not Solved]

> **Description**
>
> Last time, I promise! Only 25 characters this time. Log in as admin Site: <http://mercury.picoctf.net:29772/> Filter: <http://mercury.picoctf.net:29772/filter.php>

**Solution**

a

**Flag:**

### Bithug \[500 pts] \[Not Solved]

> **Description**
>
> Code management software is way too bloated. Try our new lightweight solution, BitHug.\
> Source: [distribution.tgz](https://venus.picoctf.net/static/fa09f347d559b6ae3c0824921f38a6ff/distribution.tgz)

**Solution**

a

**Flag:**
