My Writeup for BCACTF 2.0! (Web Problem #1 and #2)

@jlordc

So 3 days ago I participated in a CTF competition. It was just for fun though, since I don't qualify to get the rewards (not a high school student and not a US resident XD), not that I have a chance of ending in the Top #5, but still I participated since I've been missing these challenges for quite some time now.

Since the competition ended hours ago, I can now post my 'SOLUTIONS' to the problems I have solved.

For this blog post I will be focusing on my answers to the WEB challenges. I only answered 6 out of 13 challenges though. XD


Anyways, here ya go.

Problem #1: Countdown Timer

Get the flag once the countdown timer reaches zero! However, the minimum time you can set for the countdown is 100 days, so you might be here for a while.
http://web.bcactf.com:49154/
Hint 1 of 1: Can you manipulate a website's JavaScript?

My Solution:

This one is pretty straightforward: we just need to set the 'TIMER' to 0 to get the flag.

If we look at the PAGE SOURCE of the webpage, we'll see its JavaScript code.

If one has one of those JavaScript injector/manipulator plug-ins installed in their browser, one could easily add the line "time = 0;" to get the flag.

Alternatively, one can use the Console in the Inspect Element feature of their preferred browser and set 'time = 0' there to get the flag. This process is the fastest I know of but it is not as cool as the one above. XD

Problem #2: Home Automation

Check out my super secure home automation system! No, don't try turning the lights off...
http://web.bcactf.com:49155/
Hint 1 of 2: How do websites know who you are?
Hint 2 of 2: What's on the table?

Visiting the challenge website above presents the task, which is simply to 'TURN OFF THE LIGHT'.

The catch, however, is that anyone who visits the page is by default set as 'VAMPIRE' instead of 'ADMIN'. So one needs to be an 'admin' first in order to turn the lights off.

My Solution for Web Problem #2:

For this and most of the succeeding Web Problems for this CTF, I used Burp Suite.

With Burp Suite it is quite easy to intercept the request. In the intercepted request, the Cookie's user parameter being sent is 'vampire'.

Changing the value from 'vampire' to 'admin' easily solves this Web Problem.

And Voila! We turned off the light and got the Flag needed for this problem!!! Quite easy right?! XD
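
Why the cookie edit works, and what stops it, as an added example that is not the challenge's own code (the server source is not shown in this writeup). It assumes a Node.js backend; the function names and the HMAC-signed cookie format are hypothetical, and only the `user` cookie with the values 'vampire' and 'admin' comes from the challenge.

```javascript
// Added example (constructed): two ways a server could read the `user` cookie.
const crypto = require('node:crypto');

// Assumption: a per-deployment secret that never leaves the server.
const SECRET = crypto.randomBytes(32);

// Parse a Cookie header ("a=b; c=d") into an object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak: the role is whatever the client sends, so editing the cookie changes it.
function roleTrustingCookie(cookieHeader) {
  return parseCookies(cookieHeader).user || 'vampire';
}

// Hardened: the cookie value is "<role>.<hex HMAC-SHA256 of role>".
function signRole(role) {
  const mac = crypto.createHmac('sha256', SECRET).update(role).digest('hex');
  return `${role}.${mac}`;
}

function roleFromSignedCookie(cookieHeader) {
  const value = parseCookies(cookieHeader).user || '';
  const dot = value.lastIndexOf('.');
  if (dot < 1) return 'vampire'; // missing or unsigned: lowest privilege
  const role = value.slice(0, dot);
  const given = Buffer.from(value.slice(dot + 1), 'hex');
  const expected = crypto.createHmac('sha256', SECRET).update(role).digest();
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'vampire'; // tampered value: fall back instead of trusting it
  }
  return role;
}
```

Keeping the role in a server-side session keyed by a random identifier achieves the same result without placing the role in the cookie at all.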