Hackfest 2.0 CTF
Web Challenges
Chiti
Chiti is a very easy web challenge. We start off by getting a hint in the source code that shifts our focus to the robots.txt file, where we get the flag.
Other than the poetic description, we don't get much from the challenge description. Let's visit the site:
The site is a static web page for a car-selling company, but viewing the source code we find a promising HTML comment. Decoding the base64 we get:
echo -n IEkgYW0gbm90IGEgcm9ib3QhISEg | base64 -d
I am not a robot!!!
From this we can deduce that we need to visit the robots.txt file.
[!NOTE] A robots.txt file tells search engine crawlers which URLs the crawler can access on your site.
Viewing the file we get our flag.
But this doesn't look like our normal flag format. For quick decoding, let's use CyberChef, which will identify the encoding and give us the decoded text.
flag : csk{R0b0ts_Ar3_H3lpful}
Solving this challenge unlocks the next challenge.
Truth Lies
Here is another, much simpler web challenge that was unlocked after solving the previous one, Chiti. In Truth Lies we are redirected to the /dashboard page that we got from the robots.txt file. The dashboard displays a static login page, but viewing the source code we get the encoded flag.
The link redirects us to this login page:
The login page doesn't post any requests. Let's view the source code to understand it better:
<!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" href="/assets/css/dashboard.css">
</head>
<body>
<h1>Admin Log in </h1>
<div class="log">
<form >
<label for="uname">User Name:</label>
<input type="text" name="uname" JN4VKSDBMNVXG62MGAYGWX2EGMZXAMLOOQYF6QZQMQZX2=== required><br><br>
<label for="password">Password:</label>
<input type="password" name="password" required><br><br>
<input type="submit" name="submit" value="Log In">
</form>
</div>
</body>
</html>
Before we do further code review, let's try decoding the text that catches our eye at a glance:
Flag : KyUHacks{L00k_D33p1nt0_C0d3}
Matters logic
In this challenge we exploit an SQL injection vulnerability to bypass the authentication on the login page; the only challenge is getting a valid username.
Hint : log in as the SU
This time the login page is not static. We can try authenticating, but for that we need a valid username and password, or some other way to bypass it, like SQL injection. From the hint and some searching we learn that SU refers to Super User; on a website the user with these super privileges is the admin. Now that we have a username to go with, let's try some SQL injection queries.
payload : admin'-- -
As usual we get an encoded flag. Let's visit CyberChef and decode the text:
flag : Meru{D4t4b4s3_0wn3d!}
The challenge unlocks another challenge.
Mighty Sword
In Mighty Sword we exploit an XSS vulnerability, but we can't use the alert() function, so we have to search for alternative functions. The flag decoding part is also tricky :)
Challenge description : The pen is mightier than the sword, but can your words summon an alert from the shadows?
Hint : Alert Alternatives :)
The link redirects us to the admin dashboard :
Here we are congratulated and requested to leave a comment. From the challenge description we can guess it's an XSS vulnerability that we can exploit using the basic alert script <script>alert("Pwnus")</script>. But the hint warns us that we should use alert alternative functions. Some googling and we get prompt() and print(). Let's craft our payloads:
<script>print("Pwnus")</script>
<script>prompt("Pwnus")</script>
Using the payloads we get the encoded flag
CyberChef to the rescue :) Decoding was the hard part, since one needed to know the rotation amounts, but since the previous challenge was ROT13 I used ROT13 Brute Force and got the flag.
flag : Meru{Scr1pt1ng_G0n3_W1ld}
Thanks for reading my writeup. This was my CTF's to create; hope you enjoyed, and feel free to connect and let's pwn more :) #pwnus
