My Writeup for BCACTF 2.0! (Web Problem #1 and #2)

avatar

So 3 days ago I participated on a CTF competition. It was just for fun though since I don't qualify to get the rewards (Not a HighSchool Student and not a US resident XD) not that I have a chance of ending in the Top #5, but still I participated since I've been missing this challenges for quite some time now.


image.png

Since the competition has already ended hours ago, I can now post my 'SOLUTIONS' to the problems I have solved.

For this blog post I will be focusing on my answers on the WEB challenges. I only answered 6 out of 13 challenge though. XD


image.png

Anyways, here ya go.

Problem #1: Countdown Timer

Get the flag once the countdown timer reaches zero! However, the minimum time you can set for the countdown is 100 days, so you might be here for a while.
http://web.bcactf.com:49154/
Hint 1 of 1: Can you manipulate a website's JavaScript?

My Solution:

This one is pretty straight-forward, we just need to set the 'TIMER' to 0 to get the flag.


image.png

If we look at the PAGE SOURCE of the webpage we'll see the javascript code of it.


image.png

If one has those javascript plug-in injector/manipulator installed on their browser, one could just easily add the line "time = 0;" to get the flag.


image.png

Alternatively, one can also use the Console on the Inspect Element feature of their preferred browser and set the 'time =0' via there to get the flag. This process is the fastest I know of but it is not as cool as the one above. XD


image.png


image.png

Problem #2: Home Automation

Check out my super secure home automation system! No, don't try turning the lights off...
http://web.bcactf.com:49155/
Hint 1 of 2: How do websites know who you are?
Hint 2 of 2: What's on the table?

Going into the Challenge website above gives one this challenge. The challenge is simply to 'TURN OFF THE LIGHT'.


image.png

The challenge however is that if one visits the page above they are by default set as 'VAMPIRE' instead of 'ADMIN'. So one needs to be an 'admin' first in order to turn the lights off.


image.png

My Solution for Web Problem #2:

For this and most of the succeeding Web Problems for this CTF, I have used Burp Suite.

With Burp Suite it is quite easy to intercept the request. As you can see below the Cookie with user parameter being sent to is 'vampire'.


image.png

Changing the value from 'vampire' to 'admin' easily solves this Web Problem.


image.png

And Voila! We turned off the light and got the Flag needed for this problem!!! Quite easy right?! XD


image.png

ctf capturetheflag competition blog proofofbrain life leo neoxian palnet gaming
0
0
0.000
0 comments