findme

Overview

100 points

Category: Web Exploitation

Tags : #redirect

Description

Help us test the form by submitting the username as test and password as test!.

Solution

Logging in to the website in Chrome with the Developer Tools open:

  1. Chrome > View > Developer > Developer Tools
  2. Network tab
  3. Tick 'Preserve Log'

The preserved log showed a number of redirections following the login request:

http://saturn.picoctf.net:63084/login
  http://saturn.picoctf.net:63084/next-page/id=cGljb0NURntwcm94aWVzX2Fs
    http://saturn.picoctf.net:63084/next-page/id=bF90aGVfd2F5X2RmNDRjOTRjfQ==
      http://saturn.picoctf.net:63084/home
        http://saturn.picoctf.net:63084/public/css/tacit-css.min.css

The id= values of the two next-page redirections look like Base64, given the == suffix.

Concatenating the two string parts and running the result through base64decode:

Encoded: cGljb0NURntwcm94aWVzX2FsbF90aGVfd2F5X2RmNDRjOTRjfQ==
Decoded: picoCTF{........redacted........}

Actual flag value redacted for the purposes of the write-up.
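
The same steps as an added Python example (not part of the original write-up): pull the id= path values out of a redirect chain copied from the Network tab, join them in request order and Base64-decode the result. The host, the demo value and the function names are constructed for illustration; the challenge's own strings are not used.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Matches a path segment of the form "id=<value>", as in /next-page/id=...
ID_SEGMENT = re.compile(r"^id=(.+)$")


def id_fragments(urls):
    """Return the id= values found in the URL paths, in request order."""
    fragments = []
    for url in urls:
        for segment in urlsplit(url).path.split("/"):
            match = ID_SEGMENT.match(unquote(segment))
            if match:
                fragments.append(match.group(1))
    return fragments


def decode_chain(urls):
    """Join the fragments and Base64-decode them; None if not valid Base64."""
    joined = "".join(id_fragments(urls))
    if not joined:
        return None
    try:
        # Only the joined string has to be well-formed; validate=True rejects
        # characters outside the Base64 alphabet instead of skipping them.
        return base64.b64decode(joined, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def sample_chain():
    """Constructed redirect chain: a demo value split across two hops."""
    encoded = base64.b64encode(b"demo{value_split_over_two_hops}").decode()
    host = "http://app.example:8080"  # placeholder host, not the challenge server
    return [
        f"{host}/login",
        f"{host}/next-page/id={encoded[:24]}",
        f"{host}/next-page/id={encoded[24:]}",
        f"{host}/home",
    ]


if __name__ == "__main__":
    print(decode_chain(sample_chain()))
```

Anything placed in a redirect URL is visible to the client, even when the browser moves past the intermediate hops too quickly to see them.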