easy

Exploration Dante’s Barber Shop website greets us with a short text and some pictures about their work. The login button in the upper right also immediately catches attention. However, there doesn’t seem to be an easy way to bypass the login: admin:admin doesn’t work and a basic SQL injection also only leads to “invalid username and password”. Thus, let’s explore the site a little further. Opening the developer console and having a look at the site’s source doesn’t reveal anything surprising either....

The “Dumb Admin” challenge description states: The Admin coded his dashboard by himself. He’s sure to be a pro coder and he’s so satisfied about it. Can you make him rethink that? Let’s see what we are tasked with here. Login OR 1=1 The Admin dashboard only consists of a simple login form, there’s nothing more to discover here. As always, we started with the basics and the credentials admin:admin, but the only thing we get is an error telling us “Invalid password format”1....

This is one of the challenges which have a simple solution, that is just tricky to find. Let’s explore. Exploring the task We are given a ZIP file containing a Python program (consisting of two files) and a netcat listener that executes the program on the CTF’s infrastructure. The task description states: Sometimes you have to force logic to do what you want it to do Let’s first connect to the netcat listener to see what we’re up against:...