14 posts tagged with "Web"

Challenge​

Create a note and share with admin :eyes:
Note : Bruteforce is not required.

Challenge​

Can you yoink an image from the admin page?

App: http://35.224.135.84:3200 Admin bot: http://35.224.135.84:3201

Challenge​

Laura just found a website used for monitoring security mechanisms on Rhiza's state and is planning to hack into it to forge the status of these security services. After that she will desactivate these security resources without alerting government agents. Your goal is to get into the server to change the monitoring service behavior.

Server: nc illusion.pwn2win.party 1337

Challenge​

The source for this corporate zero-trust multi factor login portal has been leaked! Figure out how to defeat the super-secure one time code. settings Service: http://corpmfa-01.play.midnightsunctf.se

Solution​

Solution​

問題ページが与えられる

https://2019shell1.picoctf.com/problem/12273/

左上のハンバーガーメニューから「Admin Login」ページへ飛ぶ

プロジェクト構成​

project/
│
├─ conf/
│  │
│  └─ csp.conf
│
├─ php/
│  │
│  └─ index.php
│
└─ Dockerfile

Codestar でプロジェクトを作成​

AWS Codestar

AWS Codestar は Git レポジトリをベースにウェブアプリケーションを開発・AWS へデプロイが可能なサービスです。

CTF の Web 問題で XSS を出題するときに必要となる Admin クローラーを AWS Elastic Beanstalk 上で作成するときにつまずいたときのメモ

Admin クローラーとは​

XSS の exploit コードが含まれたページを(問題提供側が用意する仮想の)攻撃対象に読み込ませ秘匿情報を引き出すことができるかジャッジするクローラー

Challenge​

My hated friend releases a service which extracts images from a document. I want to break it to read /flag.

Problem​

Storing passwords on my own server seemed unsafe, so I stored it on a seperate one instead.
However, the connection between them is very slow and I have no idea why.

https://networked-password.web.chal.hsctf.com/