
[PicoCTF 2018] - web - Help me Reset 2

This is one of my writeups for PicoCTF 2018.

Problem

There is a website running at http://2018shell3.picoctf.com:53126. We need to get into any user for a flag!

hints:

  1. Try looking past the typical vulnerabilities. Think about possible programming mistakes.

Solution

The target site has a reset password feature that stands out as the way to get in. When we try using it, we're prompted for a username. admin, test and the like don't work, so let's look around a bit.

Examining the source code, we can find the following comment:

<!--Proudly maintained by blake-->

If we punch in blake as the username, we're taken to the next step, where we are asked "security" questions. I just kept guessing answers, cancelling before the lockout (on the third incorrect guess) until I got it right.

After reading other writeups I realized there was a smarter and easier solution (decoding the cookie, which contains a list of possible answers for every question), but that's how I did it.
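The programming mistake the hint points at, as an added illustration that is not the challenge's own code: a lockout counter that lives only in the reset flow's own state (so cancelling the flow wipes it) beside one that is kept per account on the server and survives an abandoned flow. Class names, the answer string and the username are hypothetical.

```python
# Added illustration of the lockout flaw, not the PicoCTF challenge's code.
MAX_ATTEMPTS = 3                    # lockout on the third incorrect guess
ANSWER = "constructed-answer"       # stands in for the real security-question answer


class VulnerableReset:
    """Counter is part of the per-flow state; cancel() discards it with the flow."""

    def __init__(self) -> None:
        self.attempts = 0
        self.locked = False

    def guess(self, answer: str) -> str:
        if self.locked:
            return "locked"
        if answer == ANSWER:
            return "reset-allowed"
        self.attempts += 1
        if self.attempts >= MAX_ATTEMPTS:
            self.locked = True
            return "locked"
        return "wrong"

    def cancel(self) -> None:
        # Mistake: abandoning the flow resets the counter, so the lockout never fires
        # for someone who cancels after the second wrong guess.
        self.attempts = 0
        self.locked = False


class HardenedReset:
    """Failure count is keyed by account and stored outside the flow."""

    def __init__(self) -> None:
        self._failures: dict[str, int] = {}

    def guess(self, user: str, answer: str) -> str:
        if self._failures.get(user, 0) >= MAX_ATTEMPTS:
            return "locked"
        if answer == ANSWER:
            self._failures.pop(user, None)      # only a real success clears the count
            return "reset-allowed"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "locked" if self._failures[user] >= MAX_ATTEMPTS else "wrong"

    def cancel(self, user: str) -> None:
        # Abandoning the flow leaves the per-account failure count untouched.
        return None
```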