💻
My Write Ups
  • write-ups
  • 🛡️CyberDefenders
    • Bucket Digital Forenics
  • 📦Hackthebox
    • Archetype
    • Arctic
    • Blocky
    • Optimum
    • Cap
    • Beep
    • knife
    • Legacy
    • Devel
    • Sense
    • Shocker
    • Soccer
  • 🚩MetaCTF CyberGames 2020
    • crypto
      • Crypto
    • forensics
      • forensics
    • web_explotation
      • web explotation
  • 💾Vulunhub
    • Kioptrix (level 1)
  • 📍Playground
    • Nickel
    • Hutch
Powered by GitBook
On this page
Edit on GitHub
  1. MetaCTF CyberGames 2020
  2. web_explotation

web explotation

Previousweb_explotationNextVulunhub

Last updated 3 years ago

challenge: High Security Fan Page

We are directed to a fan page of katy perry.

login

Its a simple login page but after taking a look into the sources tab we notice some files we left in and unedited. And in a file called framework.js there is a if statement that contains the flag

if(password!="MetaCTF{So_You_Wanna_Play_With_Magic}"){
        alert("You did not enter the correct password!");
        notFailed = false;
    }

challenge:Barry’s Web Application

We are directed to barry's website.

After inspecting the source code we find nothing of interest.

However I noticed that after clicking the link from the challenges site it change.

So lets remove the /webapp/index.html from the path.

If we click the docs we see a flag.txt and we have our flag.

flag:MetaCTF{Dont_l3t_y0ur_d1rect0ries_b3_l1st3d}

barry
code
links
dev
flag
🚩