Blog section
CTF

picoCTF 2024 Web Exploitation

picoCTF 2024 Web Exploitation writeups covering web vulnerabilities and injection attacks.

picoCTFCTFWeb Exploitation

picoCTF 2024 - Web Exploitation

challenge screenshot

Web Exploitation Challenges

Solved: 6/7 challenges


Bookmarklet

Tags: `Web Exploitation` `obfuscation` `browser_webshell_solvable` `browser`

Description

Why search for the flag when I can make a bookmarklet to print it for me?

challenge screenshot

challenge screenshot

Flag

challenge screenshot


IntroToBurp

Tags: `Web Exploitation`

Description

Try here to find the flag

challenge screenshot

challenge screenshot

Flag

challenge screenshot


No Sql Injection

Tags: `Web Exploitation` `browser_webshell_solvable`

Description

Can you try to get access to this website to get the flag? You can download the source here. The website is running here. Can you log in?

Found that it uses MongoDB

Found that it uses MongoDB

challenge screenshot

Flag

email: {"$gt": ""} password: {"$gt": ""}
#Thanks https://book.hacktricks.xyz/pentesting-web/nosql-injection#mongodb-payloads

challenge screenshot


Trickster

Tags: `Web Exploitation` `browser_webshell_solvable`

Description

I found a web app that can help process images: PNG images only!

challenge screenshot

dirsearch -u URL

challenge screenshot

robots.txt

robots.txt

challenge screenshot

curl -I URL

PHP!

PHP!

challenge screenshot

Flag

challenge screenshot


Unminify

Tags: `Web Exploitation` `obfuscation` `browser_webshell_solvable` `minification`

Description

I don't like scrolling down to read the code of my website, so I've squished it. As a bonus, my pages load faster! Browse here, and find the flag!

challenge screenshot

Flag

challenge screenshot


WebDecode

Tags: `Web Exploitation` `browser_webshell_solvable`

Description

Do you know how to use the web inspector?

challenge screenshot

challenge screenshot

challenge screenshot

Flag

challenge screenshot