[Internetwache CTF 2016] [Web 50 – Mess Of Hash] Write UpStudents have developed a new admin login technique. I doubt that it’s secure, but the hash isn’t crackable. I don’t know where the problem is…
Attachment: web50.zip
Service: https://mess-of-hash.ctf.internetwache.org/
Continue reading [Internetwache CTF 2016] [Web 50 – Mess Of Hash] Write Up
[Sharif University CTF 2016] [Web 250 – Old persian cuneiform captcha] Write UpDescription
Old Persian cuneiform is a semi-alphabetic cuneiform script that was the primary script for the old persian language. You could get more information on following links,
1- http://www.ancientscripts.com/oldpersian.html
2- https://en.wikipedia.org/wiki/Old_Persian_cuneiform.A web-based collections management for a museum has some extremely valuable information if one has admin user access.We found that the “admin” user have a 4-digit password. But they use a captcha made of 10 old persian characters. One has to use the correspondence between symbols and strings to pass theye captcha verification (use “trans.png”).
Log in as “admin” to find the flag.
the flag is in the fomat: [Your flag is: flagflagflag…] (without braces)
Continue reading [Sharif University CTF 2016] [Web 250 – Old persian cuneiform captcha] Write Up
[Sharif University CTF 2016] [Web 250 – Old persian cuneiform captcha] Write Up [HackIM 2016] [Web 400 – SmashTheState] Write UpThis beautiful website for testing zip files contains a replica of a vulnerability found in a well known bug bounty site.
Log in with rob:smashthestate then exploit the vulnerability to gain access to the ‘admin’ account and the flag.
Automated tools and bruteforcing will not help you solve this challenge.
Continue reading [HackIM 2016] [Web 400 – SmashTheState] Write Up
[9447 CTF 2015] [Web 130 – YWS] Write UpMy friend wrote a cool web server. I’m sure he’s stored some great doxxxs on the website. Can you take a look and report back any interesting things you find?
The web page is at http://yws-fsiqc922.9447.plumbing
