We Stand with Palestine and don’t recognize a country called Israel.
Hi everyone, I’m a web pentester, and I occasionally participate in CTFs. Recently, I took part in the CURTIN University CTF 2023 and managed to solve six challenges: four web challenges and two general challenges. Let me now explain the scenario.
Try to login (100 Point)
It was an easy SQLi challenge, and the mission was to bypass the login page and retrieve the hidden flag from the database. The first thing I considered was injecting a single quote and observing the server’s response for any SQL error or unexpected behavior. After injecting a single quote (') in the username field, the server returned a SQL error.
The selected hash matched the password I entered, so I injected the following payload in the username field:
admin' or '1'='1 --
This modified the query to:
SELECT * FROM users WHERE username='admin' or '1'='1 --' AND password=''
As a result, the server returned the flag.
Try logging in… (100 Point)
It was another SQLi challenge with a different approach. I attempted to inject the query using '), knowing that the query structure was:
SELECT * FROM users WHERE username = ('admin') AND password = ('')
I injected the following payload to bypass the query on the username field:
admin') OR 1=1 -- -
This modified the query to:
SELECT * FROM users WHERE username = ('admin') OR 1=1 -- -') AND password = ('')
As a result, I obtained the flag.
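Both login challenges above come down to user input being formatted into the SQL text. The following Python/sqlite3 sketch is an added example, not code from the challenge or from the original post; the use of SQLite, the table contents, and the function names are assumptions. It runs the two payloads quoted above against both query shapes, first with string formatting and then with bound parameters.

```python
import sqlite3

def make_db():
    """In-memory database with constructed rows; schema follows the quoted queries."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed placeholder credentials; a real application stores password hashes.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "admin-pw-constructed"), ("guest", "guest-pw-constructed")])
    return db

# Vulnerable pattern: input is pasted into the SQL text, so quotes in the
# input change the structure of the statement.
VULNERABLE = {
    "plain":  "SELECT * FROM users WHERE username='{u}' AND password='{p}'",
    "parens": "SELECT * FROM users WHERE username = ('{u}') AND password = ('{p}')",
}
# Hardened pattern: placeholders keep input as data, whatever it contains.
SAFE = {
    "plain":  "SELECT * FROM users WHERE username=? AND password=?",
    "parens": "SELECT * FROM users WHERE username = (?) AND password = (?)",
}
# The two username payloads quoted in the write-up, keyed by query shape.
PAYLOADS = {"plain": "admin' or '1'='1 --", "parens": "admin') OR 1=1 -- -"}

def login_vulnerable(db, shape, username, password):
    """Builds the statement by string formatting (the flawed approach)."""
    sql = VULNERABLE[shape].format(u=username, p=password)
    return db.execute(sql).fetchall()

def login_safe(db, shape, username, password):
    """Same statement shape, but the values are bound as parameters."""
    return db.execute(SAFE[shape], (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for shape, payload in PAYLOADS.items():
        print(shape, "vulnerable:", login_vulnerable(db, shape, payload, ""))
        print(shape, "safe:      ", login_safe(db, shape, payload, ""))
```

In SQLite the first payload's -- ends up inside a string literal, so that bypass comes from AND binding tighter than OR and returns only the admin row; the second payload's -- - is a real comment and the query returns every row. With bound parameters both payloads match nothing.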
No Crawl (150 Point)
From the challenge name and description, I thought that it was related to crawling without brute forcing, focusing on default paths like robots.txt. So, I navigated to this path and discovered a hidden path called /.r0b0fl4gch4l1c in the disallow directive.
Then, I found a one-line base64-encoded string:
Q1VSVElOX0NURntCMFQ1MzBUNUJPVFNCMFQ1NTU1NTVCT1RTfQ==
It appeared to be the flag. After decoding it, I obtained the flag.
Content Missing — II (150 Point)
I always believe that the challenge description provides hints for finding the flag. In this particular challenge, I started searching for anything hidden in the page source, accessing all URLs and images, as they might be related to the missing data. After a few minutes, I discovered an image named
After opening the image, I found that it contained the flag.