Hello guys, hello windy day.
Because of the training course for the CTF team, I will be playing with this web application designed by OWASP. Let's start!
☆
1
2
This challenge is about DOM XSS with the <iframe> tag (an inline frame is used to embed another document within the current HTML document). Simply copy this payload and paste it into the search field. The SoundCloud API embed appears.
3
Similar to the previous challenge we have solved.
4
Scan all directories with DirBuster or ZAP; we find the /ftp path. Browse to it, view all the .md files, and we get the point.
5
Browse to the login page, input arbitrary characters, and make the error appear.
6
Guess or scan directories and browse to /metrics to get the point.
7
Go to this page and pass the challenge!
8
Move to the Photo Wall.
Inspect the broken image.
The "#" symbol stops this image from loading the way it is supposed to. Fix it by encoding it as "%23". Reload the page and the full picture appears; this completes the challenge.
9
Successfully!
10.
Move to the support chat and ask for a coupon over and over again like a kid; the bot will give you a coupon and you pass this challenge!
11.
You should read about the DRY (Don't Repeat Yourself) principle:
"Every piece of knowledge must have a single, unambiguous, authoritative representation within a system."
So, move to the register form and create a new account. In the password field, type anything you want that follows the password creation rules. Then, in the repeat password field, type exactly the same password. After that, change your main password field to another value and notice that the UI accepts it with no error. Click register and you pass this challenge!
☆☆
1
2.
Note: This challenge requires you to be logged in as admin to delete the vote.
3.
admin' or 1=1 --
and pass the challenge.
4.
View the cookie "token" with a cookie extension or another tool.
We can see the password as an MD5 hash; crack it with John or any tool that supports this hash type. With the admin email and password, we can successfully log in and pass this challenge.
5.
Create another user, add an item to its basket, and view the bid (basket id). Log out of this account and log in with the admin account, go to admin's basket, and change the bid value to the new user's bid value. We can now view the new user's basket.
6.
Just watch the video and get the password.
☆☆☆
1.
Upload a PDF file, intercept it with ZAP and change the extension, then forward it.
2.
null' union select tbl_name,2,3,4,5,6,7,8,9,10,11,12,13 FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%'--
null' union select tbl_name,2,3,4,5,6,7,8,9,10,11,12,13 FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' limit 1,2--
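Both SQL injection payloads in this write-up (the login bypass under ☆☆ 3 and the union select here) work because the server splices the input into the SQL text. The block below is an added example, not Juice Shop's own code: the concatenating query builder beside its parameterized replacement, plus a heuristic check run over constructed log lines; the table name, column names and the /rest/products/search path are assumed for illustration.

```javascript
// Added example, not Juice Shop's own code. Table/column names and the
// request path are assumed for illustration.

// Vulnerable: the search term becomes part of the SQL statement itself, so a
// closing quote in q ends the string literal and the rest is parsed as SQL.
function buildProductSearchUnsafe(q) {
  return `SELECT * FROM Products WHERE ((name LIKE '%${q}%' OR description LIKE '%${q}%') AND deletedAt IS NULL) ORDER BY name`;
}

// Hardened: the statement text is constant; q travels as a bound parameter,
// so the database only ever treats it as data to compare against.
function buildProductSearchSafe(q) {
  return {
    sql: 'SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) AND deletedAt IS NULL) ORDER BY name',
    params: [`%${q}%`, `%${q}%`],
  };
}

// Defensive check for request logs: flag search terms in which a quote is
// followed by a SQL keyword or comment marker, i.e. terms that try to leave
// the string literal. Heuristic only; parameterization is the real fix.
function looksLikeSqlInjection(q) {
  return /'\s*(union|or|and|;|--)/i.test(q) || /--\s*$/.test(q);
}

// Constructed sample log lines (not real traffic), "METHOD path" per line.
const sampleLog = [
  "GET /rest/products/search?q=apple",
  "GET /rest/products/search?q=null'%20union%20select%20tbl_name,2,3%20FROM%20sqlite_master--",
  "GET /rest/products/search?q=Jim's%20juice",
];

// Returns the decoded search terms that trip the heuristic.
function flagSuspiciousSearches(lines) {
  const flagged = [];
  for (const line of lines) {
    const m = line.match(/[?&]q=([^&\s]*)/);
    if (!m) continue;
    const term = decodeURIComponent(m[1]);
    if (looksLikeSqlInjection(term)) flagged.push(term);
  }
  return flagged;
}

console.log(flagSuspiciousSearches(sampleLog));
```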
3.
Use the Fuzz feature to brute-force the captcha value. The captcha value is a random number from 1 to 100. With 10 requests, you fuzz the 100 numbers 10 times.
Continue ...
Happy Training!