RITSEC CTF Web Write-ups

Mudhalai Mr
Apr 12, 2021


Challenges: Sessions, Dababy web

1. Sessions:

Let’s start by reading the source code.

Looks like the admin forgot to remove the login credentials.

The site's session cookie looks like Base64-encoded text. Since the challenge name is Sessions, it is worth decoding the cookie value.

2. Dababy Web:

Again, let’s start by reading the source code.

Hmmm…..

fun1.php?file=suge

This looks like a Local File Inclusion (LFI). Learn more about LFI here:
https://medium.com/dsc-sastra-deemed-to-be-university/pwning-php-websites-rfi-lfi-5f28e6c31b4a

Requesting the flag file:

fun1.php?file=../flag.txt

BOOM!!! here we go
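The challenge's server-side code is not shown in this write-up. The following is an added example, not the challenge's own code, showing why a request like `file=../flag.txt` works against a handler that concatenates the parameter into a path, and the containment check that stops it. The `pages` directory and the function names are hypothetical.

```php
<?php
// Added example: hypothetical stand-in for fun1.php, not the challenge's code.
// Assumption: content files live in ./pages and are selected by ?file=.

const BASE_DIR = __DIR__ . '/pages';

// Vulnerable pattern: the parameter is concatenated into the path unchecked,
// so "../flag.txt" resolves to a file outside BASE_DIR.
function resolve_unsafe(string $file): string
{
    return BASE_DIR . '/' . $file;
}

// Hardened pattern: canonicalise the path, then require that the result is
// still inside BASE_DIR. realpath() returns false if the path does not exist.
function resolve_safe($file): ?string
{
    // Reject non-string input (?file[]=x) and embedded NUL bytes up front.
    if (!is_string($file) || $file === '' || strpos($file, "\0") !== false) {
        return null;
    }
    $base = realpath(BASE_DIR);
    $path = realpath(BASE_DIR . '/' . $file);
    if ($base === false || $path === false) {
        return null;
    }
    // The trailing separator keeps "/pages_old" from matching "/pages".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$path = resolve_safe($_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// readfile() only outputs bytes; include/require would execute any PHP
// code in the file, which turns a file read into code execution.
header('Content-Type: text/plain; charset=utf-8');
readfile($path);
```

Where the set of valid pages is small and fixed, mapping the parameter through an allow-list of known names is stricter still than a path check.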

Thank you :) - Mudhalai Mr, Team Infinity


Written by Mudhalai Mr

<>AKA Gowtham Student at SASTRA Deemed university, Core team member DSC SASTRA </>
