Aleyna
Lab link. This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter We log in to the account using the user credentials provided. If …
Lab link. This lab has an unprotected admin panel. It’s located at an unpredictable location, but the location is disclosed somewhere in the application. Solve the lab by accessing the admin panel, and using it to delete the user carlos. Look at the source code of the site, you can go with Ctrl+U. This JavaScript code …
Lab link. This lab has an unprotected admin panel. Solve the lab by deleting the user carlos. We visit the robots.txt file. This prevents the specified user agent (in this case all bots) from accessing the URL path /administrator-panel. In other words, the website does not want search engines to crawl the /administrator-panel directory. Try to …
CTF link. My potions would kill you, traveler. You cannot handle my potions. The app allows users to borrow gold, buy rotation, and pay back the borrowed gold. To get to Flag, we need to go through certain steps. Borrow gold using the /borrow URL: The user must borrow a certain amount of gold by …
CTF link. Sometimes you can exfiltrate data with more than just plain text. Can you figure out how the attacker smuggled out the flag on our network? If we examine HTTP requests, we notice the flag in the ASCII DUMP section. swampCTF{w3lc0m3_70_7h3_l4nd_0f_7h3_pc4p} Aleyna DoğanHello, I am Aleyna Doğan. I work as a Sr. Cyber Threat …
CTF link. We found out a user account has been compromised on our network. We took a packet capture of the time that we believe the remote login happened. Can you find out what the username of the compromised account is? Flag format: swampCTF{username} If we examine the .pcap file in network miner, we can …
CTF link. I found this really good chips place, but I don’t want it to be crowded, so I’ve blurred everything. Hahaha! The flag is the address of this location as it’s shown on google maps. Good luck! Do not wrap the address in swampCTF{} There are two important clues in the image. If we …
CTF link. Find where this photo was taken! Make sure to keep your eyes out for the hawks though! The flag is the truncated coordinate of this location to the hundredths. For example: (xx.xx, xx.xx) Since we are asked for image coordinates, we add the file to Exiftool. Find here the GPSLatitude and GPSLongitude coordinates …
CTF link. I think OSINT challenges are stupid! If they aren’t, prove it! How far away is this? Don’t bother giving me the unit, there’s only one that you should be using in space anyways (use Astronomical Units). The flag entry is extremely forgiving just make sure you get the integer for distance right. This a classic …
CTF link. I found this form but it doesn’t go anywhere! I was told I’d find the flag after I’d gone through enough form questions but I’ve answered the same question 20 times and I’m still on the same page… If we go to Google form, no matter how much we try to send the …