web explotation

challenge: High Security Fan Page

We are directed to a fan page of katy perry.

login

Its a simple login page but after taking a look into the sources tab we notice some files we left in and unedited. And in a file called framework.js there is a if statement that contains the flag

if(password!="MetaCTF{So_You_Wanna_Play_With_Magic}"){
        alert("You did not enter the correct password!");
        notFailed = false;
    }

---

challenge:Barry’s Web Application

We are directed to barry's website.

barry

After inspecting the source code we find nothing of interest.

code

However I noticed that after clicking the link from the challenges site it change.

links

So lets remove the /webapp/index.html from the path.

dev

If we click the docs we see a flag.txt and we have our flag.

flag

flag:MetaCTF{Dont_l3t_y0ur_d1rect0ries_b3_l1st3d}