
Web Exploitation

It was an eye-opener trying to solve these challenges, and I have to thank Ying Keat for the help rendered in solving some of the challenges in this category.

Vulnerability (Common)

description
Find the Vulnerability with buffer overflow in the server version that they are using.
http://networking.freedomctf.org

I searched Google for the list of vulnerabilities associated with the server version obtained in the previous challenge, and managed to find the vulnerability for the flag.

Flag: flag{CVE-2020-11984}

Failed Inspection (Rare)

description
"Hey, why isn't it letting me copy the email address?"
https://failedinspection.freedomctf.org/

After clicking the link, we soon find that the page automatically redirects and closes itself.

Time to bring on Burp Suite.

Indeed, viewing the HTTP response on Burp Suite, we are able to find the flag:

response

Find My Cookie (Rare)

description
Cookie Monster wants his cookie but can't seem to find it. Can you help them find it?
https://findmycookie.freedomctf.org/

Clicking on the webpage, we can see the following:

page

Opening Inspect Element and navigating to the cookies section, we find a suspicious cookie named "flag".

cookies

Refreshing the page, we are able to find the flag.

yay

Flag: flag{C00kie_Cu113r_dl4sqd}

The bot (Rare)

description
Bots are playing some game, can you keep up with them?
http://networking.freedomctf.org 

For this challenge, I made use of Dirb to help me solve the challenge. (my first time using Dirb!)

Running Dirb gave the following results:

Dirb

Referring to the title of the challenge, I decided to check out /robots.txt.

This was the webpage:

dir_list

Searching through all the directories listed on the page, we finally find the flag in one of them.

Flag: flag{266273l6g71y9721724}

Can you Login? (Common)

description
Login to find what they are hiding.
https://canyou.freedomctf.org/

At first glance, the landing page looked like this:

landing

Inspecting the page, I realised that the login form is hidden.

inspect

Removing the first 2 lines makes the login form visible.

loginform

Using a simple SQL injection query (' OR 1=1--), we are able to obtain the flag:

woohoo

Flag: flag{f1l7ers_n0t_s3cur3}

Can you admin? (Rare)

description
There is just a login page, only the admin can get a secret message.
https://canyou.freedomctf.org/

Using another SQL injection query, sent through Burp Suite, we are able to obtain the flag.

flag_yay

Flag: flag{w0rld_0f_sQl_8kdw7}
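
The login bypass in "Can you Login?" (and the same class of flaw in "Can you admin?") works when user input is concatenated into the SQL text; the added example below, which is not the challenge's own code, puts such a login check beside a parameterized one. The schema, accounts and function names are assumptions made for illustration.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample data: schema, accounts and passwords are assumptions.
    # Plaintext passwords keep the sample short; real systems store salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "alice-pw")])
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it rewrites the query.
    query = ("SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    # The placeholder passes the value separately from the SQL text,
    # so quotes and comment markers in the input are compared as plain data.
    row = db.execute("SELECT password FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    # Constant-time comparison of the stored and supplied password.
    same = hmac.compare_digest(row[0].encode(), password.encode())
    return username if same else None

def compare(username, password):
    # Run the same credentials through both versions for a side-by-side view.
    db = make_db()
    return (login_vulnerable(db, username, password),
            login_parameterized(db, username, password))

if __name__ == "__main__":
    payload = "' OR 1=1--"  # the input quoted in the write-up
    for user, pw in [("alice", "alice-pw"), ("alice", "wrong"), (payload, "x")]:
        print(repr(user), "->", compare(user, pw))
```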