
# Web Exploitation

### GET aHEAD \[20 pts] \[Not Solved]

> **Description**
>
> Find the flag being held on this server to get ahead of the competition <http://mercury.picoctf.net:53554/>

**Solution**

a

**Flag:**

### Cookies \[40 pts] \[Not Solved]

> **Description**
>
> Who doesn't love cookies? Try to figure out the best one. <http://mercury.picoctf.net:6418/>

**Solution**

a

**Flag:**

### Scavenger Hunt \[50 pts] \[Not Solved]

> **Description**
>
> There is some interesting information hidden around this site <http://mercury.picoctf.net:27278/>. Can you find it?

**Solution**

a

**Flag:**

### Some Assembly Required 1 \[70 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:1896/index.html>

**Solution**

a

**Flag:**

### More Cookies \[90 pts] \[Not Solved]

> **Description**
>
> I forgot Cookies can Be modified Client-side, so now I decided to encrypt them! <http://mercury.picoctf.net:25992/>

**Solution**

a

**Flag:**

### It is my Birthday \[100 pts] \[Not Solved]

> **Description**
>
> I sent out 2 invitations to all of my friends for my birthday! I'll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn't believe how long it took me to find a collision. Anyway, see if you're invited by submitting 2 PDFs to my website. <http://mercury.picoctf.net:57247/>

**Solution**

a

**Flag:**

### Who are you? \[100 pts] \[Not Solved]

> **Description**
>
> Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn <http://mercury.picoctf.net:39114/>

**Solution**

a

**Flag:**

### Some Assembly Required 2 \[110 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:15406/index.html>

**Solution**

a

**Flag:**

### Super Serial \[130 pts] \[Not Solved]

> **Description**
>
> Try to recover the flag stored on this website <http://mercury.picoctf.net:8404/>

**Solution**

a

**Flag:**

### Most Cookies \[150 pts] \[Not Solved]

> **Description**
>
> Alright, enough of using my own encryption. Flask session cookies should be plenty secure! [server.py](https://mercury.picoctf.net/static/26760321c25c9659050a37a707247690/server.py) <http://mercury.picoctf.net:52134/>

**Solution**

a

**Flag:**

### Some Assembly Required 3 \[160 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:10388/index.html>

**Solution**

a

**Flag:**

### Web Gauntlet 2 \[170 pts] \[Not Solved]

> **Description**
>
> This website looks familiar... Log in as admin Site: <http://mercury.picoctf.net:26215/> Filter: <http://mercury.picoctf.net:26215/filter.php>

**Solution**

a

**Flag:**

### Some Assembly Required 4 \[200 pts] \[Not Solved]

> **Description**
>
> <http://mercury.picoctf.net:43997/index.html>

**Solution**

a

**Flag:**

### X marks the spot \[250 pts] \[Not Solved]

> **Description**
>
> Another login you have to bypass. Maybe you can find an injection that works? <http://mercury.picoctf.net:59946/>

**Solution**

a

**Flag:**

### Web Gauntlet \[300 pts] \[Not Solved]

> **Description**
>
> Last time, I promise! Only 25 characters this time. Log in as admin Site: <http://mercury.picoctf.net:29772/> Filter: <http://mercury.picoctf.net:29772/filter.php>

**Solution**

a

**Flag:**

### Bithug \[500 pts] \[Not Solved]

> **Description**
>
> Code management software is way too bloated. Try our new lightweight solution, BitHug.\
> Source: [distribution.tgz](https://venus.picoctf.net/static/fa09f347d559b6ae3c0824921f38a6ff/distribution.tgz)

**Solution**

a

**Flag:**


