CURTIN University CTF (Web Challenges)

Anas Ibrahim
3 min readOct 15, 2023

--

Free Palestine

We Stand with Palestine and don’t recognize a country called Israel.

Hi everyone, I’m a web pentester, and I occasionally participate in CTFs. Recently, I took part in the CURTIN University CTF 2023 and managed to solve six challenges: four web challenges and two general challenges. Let me now explain the scenario.

Try to login (100 Point)

Try to login

It was an easy SQLi challenge, and the mission was to bypass the login page and retrieve the hidden flag from the database. The first thing I considered was injecting a single quote and observing the server’s response for any SQL error or unexpected behavior. After injecting a single quote (‘) in the username field, the server returned a SQL error.

SQL error

The selected hash matched the password I entered, so I injected the following payload in the username field: admin' or '1'='1 --. This modified the query to: SELECT * FROM users WHERE username='admin' or '1'='1 --' AND password=''. As a result, the server returned the flag.

FLAG

Try logging in… (100 Point)

It was another SQLi challenge with a different approach. I attempted to inject the query using '), knowing that the query structure was SELECT * FROM users WHERE username = ('admin') AND password = (''). I injected the payload admin') OR 1=1 -- - to bypass the query on the username field. This modified the query to SELECT * FROM users WHERE username = ('admin') OR 1=1 -- -') AND password = (''). As a result, I obtained the flag.

FLAG

No Crawl (150 Point)

No Crawl

From the challenge name and description, I thought that it was related to crawling without brute forcing, focusing on default paths like robots.txt. So, I navigated to this path and discovered a hidden path called /.r0b0fl4gch4l1cin the disallow directive.

robots.txt

Then, I found a one-line base64 encoded string: Q1VSVElOX0NURntCMFQ1MzBUNUJPVFNCMFQ1NTU1NTVCT1RTfQ==. It appeared to be the flag. After decoding it, I obtained the flag.

FLAG

Content Missing — II (150 Point)

Content Missing — ||

I always believe that the challenge description provides hints for finding the flag. In this particular challenge, I started searching for anything hidden in the page source, accessing all URLs and images, as they might be related to the missing data. After a few minutes, I discovered an image named Content.png.

image

After opening the image, I found that it contained the flag.

FLAG

Finally, I have finished the write-up about solving the two web security challenges. I hope you find it enjoyable.

Contact

Facebook | LinkedIn

--

--