routarded starts you out with a hint in the challenge description that the target webpage is a router with default credentials. After trying a bunch of default router combinations, @jonathansinger found a working combination of <blank>:admin. This pops you into the management site of this fake router, which has a promising diagnostics page. We went… Read more »
For this challenge belonging to the 2014 RuCTF Qualifiers, we are provided with a hyperlink that takes us to a simplified web application. The web challenge for 200 points is titled ES, which we soon learn stands for the web application’s…
Pwn300 was a Python Twisted site that served a page with a single form to kill, arrest, or bankrupt the kids of South Park. The organizers provided the source code for the challenge, which included the web service and a compiled Python module. The source to the page tells us that the flag is in… Read more »
This challenge asked us to transfer $2000 to an account when all new accounts are created with only $1000.
The trick here was to spot the vulnerability. The scripts loads html from a controlled webpage with @file_get_contents(). It then parses the html for forms with regex to solves a basic math problem, with unescaped eval(). Finally the page submits a post request to the controlled webpage with file_get_contents(). With that information determined from the… Read more »