testert1ng / hacker101-ctf
Hacker101 CTF Writeup
Home Page: https://hacker101.testerting.science
Hi!
Thanks a lot for sharing all your documentation.
I read the "Photo Gallery - Flag2" document. In my opinion, there is a little bug in the sections "0x02 Remote Code Execution" and "0x03 FLAG".
The command "id=1 UNION SELECT 'test'--" does not work for me. Running this command results in an HTTP 500 error. If I add a file extension everything works fine. Finally, the command looks like: "id=1 UNION SELECT 'test.txt'--".
In this CTF, how did you know that that id can be changed up to 189*5=945 without using Burp Suite or like tools?
I'm getting 500 error on the last step, even with .txt used, so don't know if the txt file is not correctly created, or if the last step is unable to display the txt file. Does this still work for you?
I use curl to make a POST request to the edit/2 URL, but it says that the method is not allowed. Does this happen because I am using Windows?
I can't see any link to edit the items in the pet store so I can't change the content which is forwarded to the /cart page. I don't know whether there was an update to this challenge or the web page doesn't render properly. I checked on other browsers so I don't think that's the issue.
I did change the 'name' of the item by intercepting the POST request to /checkout from /cart and got XSS on the /checkout page but don't see the flag.
Maybe, the XSS needs to pop up on the /cart webpage? Anyways, just wanted to ask if there's another way around this. Btw thank you for creating this repo, great help.
Once the shell is uploaded, how can I connect to it?
It seems just like a random number... how did you get to 945?
Btw, thanks for the writeup :)