LITCTF24 - Traversed

Challenge Description: name: traversed; category: web; points: 123. I made this website! you can’t see anything else though… right?? URL: http://litctf.org:31778/ Solution: Based on the name of the challenge, I can feel a path traversal vulnerability looming around lol. Anyway, let’s check the website: as we can see, nothing is in the page; the hint, though, lies within the URL bar. Let’s check if we can traverse the filesystem and reveal the contents of /etc/passwd....

August 13, 2024 · 1 min · hxuu

LITCTF24 - Jwt 1

Challenge Description: name: jwt-1; category: web; points: 111. I just made a website. Since cookies seem to be a thing of the old days, I updated my authentication! With these modern web technologies, I will never have to deal with sessions again. Come try it out at http://litctf.org:31781/. Solution: We are presented with this interface. If we hit GET FLAG, we see a simple unauthorized message, and since the challenge’s name is jwt-1, it’s likely that we have to bypass the authorization mechanism put in place by the developers of this application....

August 13, 2024 · 2 min · hxuu

LITCTF24 - Anti Inspect

Challenge Description: name: anti-inspect; category: web exploitation; points: 109. can you find the answer? WARNING: do not open the link your computer will not enjoy it much. URL: http://litctf.org:31779/ Hint: If your flag does not work, think about how to style the output of console.log Solution: Since the challenge warns us against opening the link in our browser, I assumed there is some kind of infinite loop inside the script tag....

August 13, 2024 · 1 min · hxuu