LITCTF24 - Jwt 1

Challenge Description: name: jwt-1, category: web, points: 111. I just made a website. Since cookies seem to be a thing of the old days, I updated my authentication! With these modern web technologies, I will never have to deal with sessions again. Come try it out at http://litctf.org:31781/. Solution: We are presented with this interface. If we hit GET FLAG, we see a simple unauthorized message, and since the challenge’s name is jwt-1, it’s likely that we have to bypass the authorization mechanism put in place by the developers of this application....

August 13, 2024 · 2 min · hxuu

LITCTF24 - Anti Inspect

Challenge Description: name: anti-inspect, category: web exploitation, points: 109. can you find the answer? WARNING: do not open the link your computer will not enjoy it much. URL: http://litctf.org:31779/ Hint: If your flag does not work, think about how to style the output of console.log. Solution: Since the challenge warns us against opening the link in our browser, I assumed there is some kind of infinite loop inside the script tag....

August 13, 2024 · 1 min · hxuu

n00bzCTF - File Sharing Portal

Challenge Description: name: file sharing portal, category: web exploitation, points: 478, author: NoobMaster + NoobHacker. Welcome to the file sharing portal! We only support tar files! Solution: We are presented with the following interface, as well as the source code of the application. #!/usr/bin/env python3 from flask import Flask, request, redirect, render_template, render_template_string import tarfile from hashlib import sha256 import os app = Flask(__name__) @app.route('/',methods=['GET','POST']) def main(): global username if request....

August 9, 2024 · 6 min · hxuu