IceCTF 2018: Web write-ups

Web 1. Toke Relaunch

Challenge description: We’ve relaunched our famous website, Toke! Hopefully no one will hack it again and take it down like the last time.

Once we access the static webpage we’re presented with a button that does nothing and some text.

[Image: Index.html]

I had a look at the HTML and some JS files, but found nothing in them. That's when I started checking whether any common files were present on the web server, like .htaccess, .htpasswd, sitemap.xml or robots.txt. It turned out there was a robots.txt file:

User-agent: *
Disallow: /secret_xhrznylhiubjcdfpzfvejlnth.html

Curling the page listed in it (https://static.icec.tf/toke/secret_xhrznylhiubjcdfpzfvejlnth.html) gave us the flag:

IceCTF{what_are_these_robots_doing_here}
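
A defender's view of the same finding, as an added example that is not part of the original write-up: robots.txt is public, so a Disallow entry advertises a path instead of protecting it. The sketch below parses a robots.txt and flags such entries; the keyword list, the 16-character token threshold and the two extra sample lines are assumptions made for illustration.

```python
import re

SENSITIVE_WORDS = ("secret", "admin", "backup", "private", "internal", "debug")  # assumed list

def parse_robots(text):
    """Return (user_agents, directive, path) for every non-empty Allow/Disallow."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:  # a User-agent line after rules starts a new group
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:  # an empty Disallow matches nothing
                rules.append((tuple(agents), field, value))
    return rules

def audit_robots(text):
    """Flag Disallow paths that tell an anonymous reader where to look."""
    findings = []
    for _agents, directive, path in parse_robots(text):
        if directive != "disallow":
            continue
        lowered, reasons = path.lower(), []
        if any(word in lowered for word in SENSITIVE_WORDS):
            reasons.append("sensitive keyword")
        if any(len(tok) >= 16 for tok in re.split(r"[^a-z0-9]+", lowered)):
            reasons.append("random-looking token published")
        if re.search(r"\.[a-z0-9]{2,5}$", lowered):
            reasons.append("names a single file")
        if reasons:
            findings.append((path, reasons))
    return findings

# robots.txt from the challenge, plus two constructed lines for contrast.
SAMPLE = """User-agent: *
Disallow: /secret_xhrznylhiubjcdfpzfvejlnth.html
Disallow: /search/   # constructed
Disallow:            # constructed, empty value
"""
if __name__ == "__main__":
    for path, reasons in audit_robots(SAMPLE):
        print(path, "->", ", ".join(reasons))
```

Anything this flags should be protected by server-side access control or removed from the web root, since the long random file name stops being a secret once it is published in robots.txt.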

Web 2. Lights out

Challenge description: Help! We’re scared of the dark!

Again we get a static webpage, this time with nothing on it, just a question.

[Image: Index.html]

So let's inspect the HTML:

<!doctype html>
<html>
    <head>
        <meta charset="utf-8" />
        <title>Lights out!</title>
        <link rel="stylesheet" href="main.css" />
    </head>
    <body>
        <div class="alert alert-danger">Who turned out the lights?!?!</div>
        <summary>
        <div class="clearfix">
            <i data-hide="true"></i>
            <strong data-show="true">
            <small></small>
            </strong>
            <small></small>
        </div>
        </summary>
    </body>
</html>

There appears to be nothing in it, so I'll also have a look at the CSS file. However, I'm going to use Chrome's inspector, as it lets me look at each element separately.

[Images: styles of .clearfix and of the i, strong and small tags]

So from there we can reverse the flag and get:

IceCTF{styles_turned_the_lights}

Web 3. Friðfinnur

Challenge description: Eve wants to make the hottest new website for job searching on the market! An avid PHP developer she decided to use the hottest new framework, Laravel! I don’t think she knew how to deploy websites at this scale however….

In this third challenge we get a website which lists jobs available on the market. We can see different pages:

[Image: Index.html]

[Image: Jobs.html]

Inside each job there are some textareas for posting data to the server.

[Image: Job panel]

I spent a lot of time thinking the vulnerability was there, until I accidentally came across an invalid path that threw an exception and, surprisingly, showed the flag as well:

[Image: Debug exception]

So the flag is IceCTF{you_found_debug}.


Diego Bernal Adelantado
This post is licensed under CC BY 4.0 by the author.