Owen had created an authentication system which lets users login with their email-id or their team name. But thatβs not fun is it? Logging in as the admin beats it all, so thereβs your challenge.
The portal is running at 128.199.224.175:23000
Note: Use your Pragyan CTF credentials to login to the web portal.
<?phpsession_start();require"helpers.php";if(!check_login())redirect($LOGIN_URL);$id_type=$_SESSION['id_type'];$id=$_SESSION['id'];?><!DOCTYPE html><html><head><title>Homepage</title></head><body style='background-color: #d6eaf8'><p style="float: right"><a href='/logout.php'> Logout </a></p><p style="clear: both"></p><p style='height:30px; width:100%;'></p><center><h2> Welcome User !!</h2><br><br><h3><?phpif($id_type==='email') {echo"Email :- ".$id;}elseif ($id_type==='team_name') {echo"Team Name :- ".$id ;}?></h3><br><br><h4>Here's a random funny saying for you :) <br></h4><br><br><?php require "sayings.php"; printf(get_random_saying()); echo "<br><br>"; if($id === 'admin' && $id_type === 'team_name') printf(output_flag());?></center></body></html>
We can see in login.php that we need to login as admin and with the team_name mode: if($id === 'admin' && $id_type === 'team_name'), but we don't have the password and we can't bypass it.
Tony had created a QR code for a specific purpose, and sent to his friend Rhody for deployment but when deployed, the QR code wasnβt working as it was supposed to. Figure out whatβs wrong and help fix the problem.
If we take a look at the QR code structure, we can see that the positioning squares are undersized and that the alignment square is not completly closed.
Introduction# You have all seen the hype around XBOW: βthe AI that climbed 1st on HackerOne leaderboardβ. As often, when something new appears or a ne