Sunday, June 14, 2020

Hacker101 CTF: Micro-CMS v2 - Part 2

I was a bit clueless here, so I took the hints. The first was:

  • What actions could you perform as a regular user on the last level, which you can't now?

So, in the last level no authentication was required to edit a page. Now there is an added login step that stops me from editing the page. To capture the first flag I had already used SQL injection, so this was no hint at all for me. I sought the next hint, which was:
  • Just because request fails with one method doesn't mean it will fail with a different method
This still wasn't enough for me. I needed to try to edit the page to get the flag. The first option was to go through the UI, which I had already done. The next option would be to use the command line. I wanted to be sure, so I took the last hint too:
  • Different requests often have different required authorization
Yes, the command line should be used here. curl provides heaps of useful features, including sending an HTTP POST request. I tried the following command:

curl -v -X POST http://35.190.155.168/3ba49d9466/page/edit/2


Successful execution of this command gave me the flag I needed.
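The bug class behind these three hints is an authorization check that lives inside one HTTP method's branch instead of in front of the whole route: GET /page/edit/2 redirects an anonymous client to the login page, but a POST to the same path is never checked. The following is an added illustration written for this post, not the CTF's own code: a tiny request handler that reproduces that mistake next to a fixed version, plus a probe that replays the same request with several methods and reports the status and the resulting page title. The route, cookie value, page store and form fields are constructed for the example.

```python
import copy

# Constructed sample page store, a stand-in for the CMS database.
PAGES = {"2": {"title": "Testing", "body": "original body"}}


def _logged_in(request):
    # Assumption for the example: a valid session is the cookie "session=admin".
    return request.get("cookie", "") == "session=admin"


def _redirect_to_login():
    return 302, b"Redirecting to /login"


def _render_form(page):
    return 200, f"<form>{page['title']}</form>".encode()


def _apply_edit(page, form):
    page["title"] = form.get("title", page["title"])
    page["body"] = form.get("body", page["body"])
    return 200, b"Page saved"


def _lookup(request, pages):
    # /page/edit/<id>: the last path segment selects the page.
    return pages.get(request["path"].rsplit("/", 1)[-1])


def vulnerable_edit(request, pages):
    """Bug: the session check sits only on the GET branch."""
    page = _lookup(request, pages)
    if page is None:
        return 404, b"Not found"
    if request["method"] == "GET":
        if not _logged_in(request):
            return _redirect_to_login()
        return _render_form(page)
    if request["method"] == "POST":
        # No session check here, so an anonymous POST rewrites the page.
        return _apply_edit(page, request.get("form", {}))
    return 405, b"Method not allowed"


def hardened_edit(request, pages):
    """Fix: authorize once, before any method-specific branch runs."""
    if not _logged_in(request):
        return _redirect_to_login()
    page = _lookup(request, pages)
    if page is None:
        return 404, b"Not found"
    if request["method"] == "GET":
        return _render_form(page)
    if request["method"] == "POST":
        return _apply_edit(page, request.get("form", {}))
    return 405, b"Method not allowed"


def probe(handler, path, methods=("GET", "POST", "PUT"), cookie=""):
    """Replay one request per method; return {method: (status, title_after)}.

    Each probe runs against a fresh copy of the store so that one method's
    write does not mask another's result. This is the check curl -X <METHOD>
    performs by hand against the live target.
    """
    results = {}
    for method in methods:
        store = copy.deepcopy(PAGES)
        request = {"method": method, "path": path, "cookie": cookie,
                   "form": {"title": "pwned"}}
        status, _body = handler(request, store)
        results[method] = (status, store["2"]["title"])
    return results


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_edit), ("hardened", hardened_edit)):
        print(name, "anonymous:", probe(handler, "/page/edit/2"))
        print(name, "logged in:", probe(handler, "/page/edit/2", cookie="session=admin"))
```

Against the vulnerable handler the anonymous GET comes back 302 while the anonymous POST returns 200 and the title is overwritten; the hardened handler answers 302 for every method until a session cookie is presented. When auditing a real application, run the probe with every method the framework routes (PUT, PATCH, DELETE and HEAD included), since each branch is a separate place for the check to be forgotten.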

