Hacker101 CTF Writeups

Welcome

Welcome to my collection of Hacker101 CTF writeups. Here, I'll break down each challenge with methodology, screenshots, and payload explanations. The CTFs get harder along the way!

Stay tuned — more posts coming soon.

First CTF 1/20: A little something to get started

To solve the first CTF, all you have to do is view the page source and notice that a "background.png" is being displayed. Once you navigate to /background.png, the flag will appear.

[Screenshot: firstctf]

Simple!

Second CTF 2/20: Micro CMS V1

To solve the second CTF, you will need to capture 4 flags in total. The vulnerabilities covered are SQLi, reflected and stored XSS, and IDOR.

The first flag is a reflected XSS in the "Title:" input field:

[Screenshot: secondctfreflect]

After saving the page, click on "Go Home" and the payload executes since the Title is displayed on the home page.

The second flag is a stored XSS in the edit page functionality:

[Screenshot: secondstored]

After creating your page, visit your page and then click the button to execute the payload and retrieve the flag.

The third flag is an IDOR in the page/edit/ URL:

[Screenshot: secondidor]

The fourth flag is SQLi: append ' to the end of the id parameter for the page and the flag will show:

[Screenshot: secondsqli]
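
From the defender's side, the three bug classes in this challenge map to three fixes: escape stored titles on output, bind the id as a query parameter, and check ownership before serving the edit page. The sketch below is an added example, not part of the original writeup and not Micro CMS's actual code; the table layout, function names, users and sample rows are all constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Constructed sample data: page 1 is public, page 2 is private to alice."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, owner TEXT,"
               " public INTEGER, title TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?, ?, ?)", [
        (1, "bob", 1, "<b>Hello</b>", "public body"),
        (2, "alice", 0, "Private", "private body"),
    ])
    return db

def parse_id(raw):
    """Accept only ASCII decimal digits, so a value like 1' is rejected early."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("invalid page id")
    return int(raw)

def load_for_edit(db, raw_id, user):
    """IDOR and SQLi fix: bound parameter plus an ownership check."""
    row = db.execute("SELECT owner, title, body FROM pages WHERE id = ?",
                     (parse_id(raw_id),)).fetchone()
    if row is None:
        raise LookupError("no such page")
    owner, title, body = row
    if owner != user:
        raise PermissionError("not your page")
    return title, body

def render_home(db, user):
    """XSS fix: list only visible pages and HTML-escape each stored title."""
    rows = db.execute("SELECT id, title FROM pages"
                      " WHERE public = 1 OR owner = ? ORDER BY id", (user,))
    return "\n".join('<li><a href="page/%d">%s</a></li>' % (pid, html.escape(t))
                     for pid, t in rows)

if __name__ == "__main__":
    db = make_db()
    print(render_home(db, "bob"))
    for raw in ("1", "1'", "2"):
        try:
            print(raw, load_for_edit(db, raw, "bob"))
        except (ValueError, PermissionError) as exc:
            print(raw, "rejected:", exc)
```

The title is stored unmodified and escaped only when rendered, so the same row can be safely reused in other output contexts with the encoding that context needs.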

Third CTF 3/20: Micro CMS V2

Coming soon...