22 Sep 2022
PicoCTF 2021 / Web Exploitation
Description
Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn
http://mercury.picoctf.net:52362/
Writeup
Note that everyone’s port and flag are different!
- Visit the site. It says: Only people who use the official PicoBrowser are allowed on this site! So I use ThunderClient to request the website and change `User-Agent` in the header to `PicoBrowser`.
- It says: I don’t trust users visiting from another site. So we can add the `Referer` key with the value `http://mercury.picoctf.net:52362/` to the header and request the website again.
- It says: Sorry, this site only worked in 2018. So we can add the `Date` key with the value `1 Jan 2018` to the header and request the website again.
- It says: I don’t trust users who can be tracked. So we can add the `DNT` key, which means do not track, with the value `1` to the header and request the website again.
- It says: This website is only for people from Sweden. So we can add the `X-Forwarded-For` key, which can change the originating IP, with a random Swedish IP address as the value to the header and request the website again.
- It says: You’re in Sweden but you don’t speak Swedish? So we can add the `Accept-Language` key with the value `sv` to the header and request the website again. Then we can get the flag! ٩(^ᴗ^)۶

- Header should be like :

22 Sep 2022
PicoCTF 2022 / Web Exploitation / sql
Description
Can you login to this website?
Writeup
- Launch instance.
- Log in with a random username and password. I use `admin` as the username and `xx` as the password.

- Now that we know the SQL query, we can use SQL injection to exploit it.
- Use `OR 1=1--'` as both username and password to log in again.

- The flag is hidden, so inspect the page elements to find it.

- Here’s the flag: `picoCTF{L00k5_l1k3_y0u_solv3d_it_9b0a4e21}`
٩(^ᴗ^)۶
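The login bypass above, shown beside its fix, as an added example that is not code from the challenge. The query shape, table and credentials are assumptions constructed for the demo; `OR 1=1--'` is the value the writeup enters in both fields.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table (all names and values are made up)."""
    db = sqlite3.connect(":memory:")
    # Password kept in clear only to keep the demo short; real code stores a salted hash.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-demo')")
    return db


def login_vulnerable(db, username, password):
    # Assumed shape of the challenge's query: input is pasted into the SQL text,
    # so a quote in the input changes the structure of the statement.
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchone()


def login_parameterized(db, username, password):
    # Placeholders bind input as data; the statement structure stays fixed.
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()


PAYLOAD = "OR 1=1--'"  # value from the writeup, used for both fields


def demo():
    db = make_db()
    # With PAYLOAD in both fields the concatenated WHERE clause parses as:
    #   username = 'OR 1=1--'' AND password='  OR 1=1  --''
    # The doubled quote is an escaped quote inside the first string literal,
    # so the second copy of the payload lands outside it as "OR 1=1".
    return {
        "vulnerable_wrong_password": login_vulnerable(db, "admin", "xx"),
        "vulnerable_payload": login_vulnerable(db, PAYLOAD, PAYLOAD),
        "parameterized_payload": login_parameterized(db, PAYLOAD, PAYLOAD),
        "parameterized_valid": login_parameterized(db, "admin", "s3cret-demo"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```
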
22 Sep 2022
PicoCTF 2022 / Web Exploitation / sql
Description
Connect to this PostgreSQL server and find the flag!
Writeup
- Launch instance.
- Open the Webshell and log in.
- Connect to the database with the command `psql -h saturn.picoctf.net -p 61408 -U postgres pico` and enter the password.
- Use the `\dt` command to show all tables. There is only one table, which is named `flags`.
- Use the `SELECT * FROM flags;` command to check the content of the table.
- Here’s the flag: `picoCTF{L3arN_S0m3_5qL_t0d4Y_31fd14c0}`
٩(^ᴗ^)۶
22 Sep 2022
PicoCTF 2022 / Web Exploitation
Description
Can you get the flag?
Go to this website and see what you can discover.
Writeup
- Click the Continue as guest button. A page tells you they don’t have guest service.
- Change the `isAdmin` cookie value to 1.
- Refresh the page.
- Here’s the flag: `picoCTF{gr4d3_A_c00k13_5d2505be}`
٩(^ᴗ^)۶
22 Sep 2022
PicoCTF 2022 / Web Exploitation
Description
The developer of this website mistakenly left an important artifact in the website source, can you find it?
The website is here
Writeup
- `wget -m http://saturn.picoctf.net:58133/` to get the source code.
- `grep -r 'picoCTF' saturn.picoctf.net:58133` to search for the flag!
- Here’s the flag: `picoCTF{1nsp3ti0n_0f_w3bpag3s_587d12b8}`
٩(^ᴗ^)۶