● buckeyenotes The word "=" is filtered. Bypass it. Payload : ' or username like 'brutusB3stNut9999' and password like '%a%'-- Flag : buckeye{wr1t3_ur_0wn_0p3n_2_pwn} ● pong I can't find any flag in this service. I guessed if I win this game, I can get a flag. There are no given source code. So I just looked up devtools, then I could find below code. const socket = io(); const canvas = document...

● Cvg3n3rat0r This is the main page. If I write down some words and click the submit, you can download a file. The result file is like this. I don't have much ideas, so I simply tried some code in there. There is nothing in result file. In this case, I can assume two situations. First, the service has word filtering. Second, the service recognized script tag and apply it in appropriate way. I th..

● Bug Hunter I can get a hint in main page. It gives a word "Reflected XSS". So I tried some test payload using "tsukushi" parameter. I can trigger XSS. But where is the flag? I can't guess anything, so checked description. They gave me "guess" and "RFC". I searched about RFC and find hint like this. I entered into "/.well-kown/security.txt". Got it. Technically, it's not xss problem I expected...

It's shame that I can't solve all challenge in web section. I must study harder. ● web/sources You can check flag in DevTools, Flag flag{bd6a9e3f1690f7abb8445c0e} ● password-1 When you enter into "/api/outout" endpoint, can check the flag Flag flag{why_is_hashing_in_browser_so_hard} ● password-2 payload : 1' or 1=1-- Flag flag{i_love_in_memory_sqlite} ● web/notes1 const add = (note) => { const i..

보호되어 있는 글입니다.

This service related to next.js. // globalVars.js const globalVars = { TITLE: "My First App!", SECRET: "here is my secret: https://www.youtube.com/watch?v=jIQ6UV2onyI", FLAG: "FLAGFLAGFLAG", }; export default globalVars; I can see fake flag and SECRET with link. I entered it, but no important information in there. Let's look around more. import Head from 'next/head' import Image from 'next/image..

I didn't spend too much time in this CTF. So I wrote writeups about only few problems. ● [ I love browsers ] In this main page, it shows "Hello [user's browser] user" sentence. The two ways that service knows user's website is using Javascript or using "User-agent" header. This service doesn't seem to run by javascript, so I tested by using "User-agent" header. I wrote Safari in it, this service..

90% guessy, 10% challenge. ● [ Choosy ] I found the word "script" is fitered. I could infer this problem is about XSS exploit. payload Flag shellctf{50oom3_P4yL0aDS_aM0ng_Maaa4nnY} ● [ Extractor ] The service is consists of "Register Page" & "Login Page". I try sql injection attack in Login Page. First, I didn't know what kind of sql this service use. So I tried to find sql version. Then..

I skipped write-up super easy problems. WEB ● [ Are you Admin? ] I can't modify "isAdmin" section by fiddler, so I decided to use curl command to fix isAdmin = true. curl -i -H 'Content-Type: application/json' -d '{"username":"derp","isAdmin":true}' 'http://01.linux.challenges.ctf.thefewchosen.com:49395/api/auth' Flag : TFCCTF{S4n1t1z3_Y0ur_1nput5!} ● [ DeepLinks ] Description tells "Find out hi..