MaxPassManager was a challenge from Web category. The web app was a password manager.
MaxPassManager’s api endpoint /api/passwords/{uid} was prone to IDOR. The code of the web app was downloadable through the challenge. The migrate script creates the following users with the following UIDs:
After requesting the password for UID 73, it was possible to retrieve admin’s password:
DeLorean Clock was a web challenge in the Siemens Future Minds CTF. It had the following description:
The vulnerable code is in util.py. As you can see in the following screenshot, it creates a command (line 8) which gets run afterwards (line 9).
Cupcake Magdalena was a challenge during Siemens’ Future Minds CTF. It was in the Web category and had the following description:
The challenge presented a web page with a functionality to submit a review. After submitting the review an admin is going to look at the review. So I have tried to inject a XSS payload to read the admin’s sessions cookie.
The following Javascript code will read the user’s cookie and send it via a GET request to a web server which I have set up in prior.
For that I have intercepted a request to /api/reviews/add and added my payload into the “name” and “review” parameter:
The Wide challenge was in Reversing category and has the following description:
The challenge had a downloadable part, which contains an executable and a data file. In order to execute the executable you have to provide a path to the data file on the command line:
./wide db.exAfter decompilation we could see that there is a check for a specific password:
This article contains two challenges, as both of them were pretty fast to do challenges.
Entrypoint is a Pwn challenge with the following description:
After starting the challenge you have to connect to the challenge via Netcat. After connecting it shows a menu to insert a password. I have choosen the second options and then inserted the password “test”. I have done that just to tamper around with the challenge. Somehow I received the flag, without even doing much :D
Going Deeper is a Pwn Challenge from Cyber Apocalypse 2022 and has the following description:
After decompilation with Ghidra there was an interesting function called admin_panel. It contains a subsroutine which checks for a specific input:
The compressor challenge was from category Misc. We had to start an instance and connect to it via netcat:
After connecting to the challenge, we were greeted with a menu.
