IdekCTF 24 - Hello

Challenge Description name: hello category: web exploitation points: 136 ctf-date: Aug 17th, 2024 Just to warm you up for the next Fight :“D Note: the admin bot is not on the same machine as the challenge itself and the .chal.idek.team:1337 URL should be used for the admin bot URL Challenge Analysis We’re given two links and a source code for the admin bot. challenge link: http://idek-hello.chal.idek.team:1337 admin bot link: https://admin-bot.idek.team/idek-hello Since the admin bot is not on the same machine as the challenge, we should expect that the flag will be retrieved using a technique like XSS, CSRF…etc...

August 18, 2024 · 7 min · hxuu