LITCTF24 - Jwt 1

Challenge Description: name: jwt-1; category: web; points: 111. I just made a website. Since cookies seem to be a thing of the old days, I updated my authentication! With these modern web technologies, I will never have to deal with sessions again. Come try it out at http://litctf.org:31781/. Solution: We are presented with this interface. If we hit GET FLAG, we see a simple unauthorized message, and since the challenge’s name is jwt-1, it’s likely that we have to bypass the authorization mechanism put in place by the developers of this application....

August 13, 2024 · 2 min · hxuu

LITCTF24 - Anti Inspect

Challenge Description: name: anti-inspect; category: web exploitation; points: 109. can you find the answer? WARNING: do not open the link your computer will not enjoy it much. URL: http://litctf.org:31779/ Hint: If your flag does not work, think about how to style the output of console.log. Solution: Since the challenge warns us against opening the link in our browser, I assumed there is some kind of infinite loop inside the script tag....

August 13, 2024 · 1 min · hxuu

n00bzCTF - File Sharing Portal

Challenge Description: name: file sharing portal; category: web exploitation; points: 478; author: NoobMaster + NoobHacker. Welcome to the file sharing portal! We only support tar files! Solution: We are presented with the following interface, as well as the source code of the application.

    #!/usr/bin/env python3
    from flask import Flask, request, redirect, render_template, render_template_string
    import tarfile
    from hashlib import sha256
    import os

    app = Flask(__name__)

    @app.route('/',methods=['GET','POST'])
    def main():
        global username
        if request....

August 9, 2024 · 6 min · hxuu

CTFs - A Beginner's Guide

When I first encountered cybersecurity, it was through phishing sites that people used to steal their friends’ Facebook accounts. One of my friends even used one against another one of our friends to send messages from his account. No, that’s not some ghost story, lol. After that, I started taking cybersecurity more seriously. Coming from an academic background, I thought the best approach was to learn all the concepts first and then practice my skills....

August 8, 2024 · 4 min · hxuu