
Web Exploitation

It was an eye-opener trying to solve these challenges, but I have to thank Ying Keat for the help rendered to solve some challenges of this category.

Vulnerability (Common)

Find the Vulnerability with buffer overflow in the server version that they are using.

I searched Google for the list of vulnerabilities associated with the server version obtained in the previous challenge, and managed to find the vulnerability for the flag.

Flag: flag{CVE-2020-11984}

Failed Inspection (Rare)

"Hey, why isn't it letting me copy the email address?"

Clicking on the link, we soon find that the page automatically redirects and closes itself again.

Time to bring on Burp Suite.

Indeed, viewing the HTTP response on Burp Suite, we are able to find the flag:


Cookie Monster wants his cookie but can't seem to find it. Can you help them find it?

Clicking on the webpage, we can see the following:


Opening Inspect Element and navigating to the cookies section, we find a suspicious cookie named "flag".


Refreshing the page, we are able to find the flag.


Flag: flag{C00kie_Cu113r_dl4sqd}

The bot (Rare)

Bots are playing some game, can you keep up with them?

For this challenge, I made use of Dirb to help me solve the challenge. (my first time using Dirb!)

Running Dirb gave the following results:


Referring to the title of the challenge, I decided to check out /robots.txt.

This was the webpage:


Searching through all the directories listed on the page, we finally get the flag in one of them.

Flag: flag{266273l6g71y9721724}

Can you Login? (Common)

Login to find what they are hiding.

At first glance, the landing page looked like this:


Inspecting the page, I realised that the login form is hidden.


Removing the first 2 lines makes the login page visible.


Using a simple SQL injection query (' OR 1=1--), we are able to obtain the flag:


Flag: flag{f1l7ers_n0t_s3cur3}

Can you admin? (Rare)

There is just a login page, only the admin can get a secret message.

Passing another SQL injection query through Burp Suite, we are able to obtain the flag.


Flag: flag{w0rld_0f_sQl_8kdw7}
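
Both login challenges above fall to SQL injection. The following is an added example, not part of the original writeup or the challenge's code: it shows, against a constructed SQLite table, why the ' OR 1=1-- input from "Can you Login?" passes a login check built by string concatenation, and why the same input fails against a parameterized query. The table, column, function names and the sample credentials are assumptions.

```python
import sqlite3

PAYLOAD = "' OR 1=1--"  # the input quoted in the writeup


def make_db():
    """Constructed in-memory user table (illustrative names and values).
    The password is plaintext only to keep the focus on query building;
    a real system stores a salted hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-password')")
    return db


def build_concatenated_query(username, password):
    # Input is spliced into the SQL text: a quote in the input closes the
    # string literal and everything after it is parsed as SQL.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(db, username, password):
    query = build_concatenated_query(username, password)
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    # Placeholders send the input as bound values; it is compared as data
    # and never reaches the SQL parser.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def demo():
    db = make_db()
    return {
        # The resulting text: "--" comments out the password condition.
        "query": build_concatenated_query(PAYLOAD, "x"),
        "vulnerable_payload": login_vulnerable(db, PAYLOAD, "x"),
        "parameterized_payload": login_parameterized(db, PAYLOAD, "x"),
        "parameterized_valid": login_parameterized(
            db, "admin", "constructed-password"),
        "parameterized_wrong": login_parameterized(db, "admin", "x"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Hiding the form in the page markup, as the first challenge did, changes nothing here: the server still receives whatever is posted, so the fix belongs in how the query is built.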