Writeups
  • Writeups
  • CTF Writeups
    • ctfs
      • BRCTF
      • CloudSEK - BSides Cyber Security CTF 2023
      • CloudSEK - Nullcon Cyber Security CTF 2023
      • CyberHavoc CTF 2023
      • Cyber Heroines CTF
      • IWCON CTF 2023
      • SecurityBoat - October CTF 2023
      • The Hacker101 CTF
      • Wizer CTF Event 6 Hour Challenge
      • FooBar CTF 2023
      • Lag and Crash 3.0
      • NahamCon CTF 2022
        • Crash Override:
        • Exit Vim:
        • Flagcat:
        • Flaskmetal Alchemist:
        • Personnel:
        • Poller:
        • Prisoner:
        • Quirky:
        • Read The Rules:
        • Technical Support:
        • Wizard:
      • picoCTF
        • crypto
          • Easy Peasy
    • files
  • HTB
    • HTB Challenges
      • Baby Time Capsule
      • Lost Modulus
      • RLotto
      • Toxic | HTB Web Challenge
      • xorxorxor
    • HTB Machines
      • HTB Machine Precious
      • HTB Machine Stocker
  • Other Challenges
    • Academy Box - PEH Capstone TCM Security
    • Saptang Labs Hiring Challenge
Powered by GitBook
On this page
  • Challenges
  • A little something to get you started
  • Micro-CMS v1
  • Photo Gallery
  • Cody's First Blog
  • Postbook

Was this helpful?

  1. CTF Writeups
  2. ctfs

The Hacker101 CTF

PreviousSecurityBoat - October CTF 2023NextWizer CTF Event 6 Hour Challenge

Last updated 1 year ago

Was this helpful?

https://ctf.hacker101.com/ctf

Challenges

A little something to get you started

In source code we can see one image

viewing this image we get the flag

flag: ^FLAG^05f132dbc0e8a0cbb312952e6703e8f4703e921669676a096b385a49b34c94b2$FLAG$

Micro-CMS v1

number of flag: 4

Here we have functionality to create page in that using the payload: <img src=xx onerror=alert(1)> in body will create an alert pop-up and it will give us the first flag in source code, and using this same payload in title will give us the second flag but it will be executed in home page.

Flag 1: ^FLAG^94f26fe56dec79812241c348ed6b5718a9e00fc2df643403fef30f6c0e8faee1$FLAG$

Flag 2: ^FLAG^bd75d9a3aba5709358c413cd1f69819783524094e15dd117c569bdb9f0006a06$FLAG$

Photo Gallery

  • SQLi in https://6b6c2ec7bb58b712c873fbbd19cd1a32.ctf.hacker101.com/fetch?id=1

  • File read via SQLi https://6b6c2ec7bb58b712c873fbbd19cd1a32.ctf.hacker101.com/fetch?id=4+UNION+SELECT+'main.py'--

  • RCE via modifying filename column in photos table

Cody's First Blog

  • php code injection in Add comment

  • to auth bypass remove auth from admin.auth.inc

  • to access the injected php code visit ?page=http://localhost/index

Postbook

  • edit other users post

  • make other user's post private and access private post of other users

  • delete other user's post id is md5

  • session cookie id is md5 of 3 change to 2

  • session cookie id is md5 of 3 change to 1

  • brute force post id 945 give flag

  • while creating the post change the id in post data to create post as other user

A little something to get you started
Micro-CMS v1
Photo Gallery
Cody's First Blog
Postbook