MasterWard Profile


Web Exploitation


Last updated 3 years ago


GET aHEAD [20 pts] [Not Solved]

Description

Find the flag being held on this server to get ahead of the competition

Solution

a

Flag:

Cookies [40 pts] [Not Solved]

Description

Who doesn't love cookies? Try to figure out the best one.

Solution

a

Flag:

Scavenger Hunt [50 pts] [Not Solved]

Description

There is some interesting information hidden around this site. Can you find it?

Solution

a

Flag:

Some Assembly Required 1 [70 pts] [Not Solved]

Description

Solution

a

Flag:

More Cookies [90 pts] [Not Solved]

Description

Solution

a

Flag:

It is my Birthday [100 pts] [Not Solved]

Description

Solution

a

Flag:

Who are you? [100 pts] [Not Solved]

Description

Solution

a

Flag:

Some Assembly Required 2 [110 pts] [Not Solved]

Description

Solution

a

Flag:

Super Serial [130 pts] [Not Solved]

Description

Solution

a

Flag:

Most Cookies [150 pts] [Not Solved]

Description

Solution

a

Flag:

Some Assembly Required 3 [160 pts] [Not Solved]

Description

Solution

a

Flag:

Web Gauntlet 2 [170 pts] [Not Solved]

Description

Solution

a

Flag:

Some Assembly Required 4 [200 pts] [Not Solved]

Description

Solution

a

Flag:

X marks the spot [250 pts] [Not Solved]

Description

Solution

a

Flag:

Web Gauntlet [300 pts] [Not Solved]

Description

Solution

a

Flag:

Bithug [500 pts] [Not Solved]

Description

Solution

a

Flag:

I forgot Cookies can Be modified Client-side, so now I decided to encrypt them!

I sent out 2 invitations to all of my friends for my birthday! I'll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn't believe how long it took me to find a collision. Anyway, see if you're invited by submitting 2 PDFs to my website.

Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn

Try to recover the flag stored on this website

Alright, enough of using my own encryption. Flask session cookies should be plenty secure!

This website looks familiar... Log in as admin Site: Filter:

Another login you have to bypass. Maybe you can find an injection that works?

Last time, I promise! Only 25 characters this time. Log in as admin Site: Filter:

Code management software is way too bloated. Try our new lightweight solution, BitHug. Source:

http://mercury.picoctf.net:53554/
http://mercury.picoctf.net:6418/
http://mercury.picoctf.net:27278/
http://mercury.picoctf.net:1896/index.html
http://mercury.picoctf.net:25992/
http://mercury.picoctf.net:57247/
http://mercury.picoctf.net:39114/
http://mercury.picoctf.net:15406/index.html
http://mercury.picoctf.net:8404/
server.py
http://mercury.picoctf.net:52134/
http://mercury.picoctf.net:10388/index.html
http://mercury.picoctf.net:26215/
http://mercury.picoctf.net:26215/filter.php
http://mercury.picoctf.net:43997/index.html
http://mercury.picoctf.net:59946/
http://mercury.picoctf.net:29772/
http://mercury.picoctf.net:29772/filter.php
distribution.tgz