DanteCTF 2023: Dante Barber Shop

Exploration

Dante’s Barber Shop website greets us with a short text and some pictures about their work. The login button in the upper right also immediately catches attention. However, there doesn’t seem to be an easy way to bypass the login: admin:admin doesn’t work and a basic SQL injection also only leads to “invalid username and password”. Thus, let’s explore the site a little further. Opening the developer console and having a look at the site’s source doesn’t reveal anything surprising either. Nevertheless, we noticed that the six pictures on the site are numbered barber2.jpg to barber7.jpg. So, what about barber1.jpg? ...

DanteCTF 2023: Dumb Admin

The “Dumb Admin” challenge description states: “The Admin coded his dashboard by himself. He’s sure to be a pro coder and he’s so satisfied about it. Can you make him rethink that?” Let’s see what we are tasked with here.

Login OR 1=1

The Admin dashboard only consists of a simple login form, there’s nothing more to discover here. As always, we started with the basics and the credentials admin:admin, but the only thing we get is an error telling us “Invalid password format”. Other default credentials don’t seem to work either, so let’s see if there is any luck with SQL injection. ...

justCTF 2023: ECC for Dummies

This is one of the challenges which have a simple solution, that is just tricky to find. Let’s explore.

Exploring the task

We are given a ZIP file containing a Python program (consisting of two files) and a netcat listener that executes the program on the CTF’s infrastructure. The task description states: “Sometimes you have to force logic to do what you want it to do”. Let’s first connect to the netcat listener to see what we’re up against: ...

June 4, 2023 · 3 min · vollkorntomate · JustCTF 2023