Category
Web
Description
I need to be able to log in to this website. Can you tell me how to do it?
Solution
Opening the challenge page we see a login page with a password field. Taking a look at the source we seee this.
<head>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Lato:wght@300&family=Exo+2&display=swap" rel="stylesheet">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="https://mhsctf-webexploitdata.0xmmalik.repl.co/style.css">
</head>
<body>
<div class="w3-content">
<label for="pwd">Password:</label>
<input type="password" id="pwd" name="pwd">
<button onclick="validatepwd()" type="button">Submit</button>
<script>
function validatepwd() {
var x = document.getElementById("pwd").value;
if (x == "this_is_a_really_secure_password") {
window.open("/weirdpage.php?pwd=doublepassword")
}
}
</script>
</div>
</body>
Here we find the password this_is_a_really_secure_password. Using this to log in we get a ‘Not Found’ page.
Taking a look at the source for this page we can see the flag in a HTML comment.
<!doctype html><html><head><!--lol gottem here's the flag: flag{1n$p3ct0r_g3n3r@l}--><title>404 Not Found</title><style>
body { background-color: #fcfcfc; color: #333333; margin: 0; padding:0; }
h1 { font-size: 1.5em; font-weight: normal; background-color: #9999cc; min-height:2em; line-height:2em; border-bottom: 1px inset black; margin: 0; }
h1, p { padding-left: 10px; }
code.url { background-color: #eeeeee; font-family:monospace; padding:0 2px;}
</style>
</head><body><h1>Not Found</h1><p>The requested resource <code class="url">/weirdpage.php?pwd=doublepassword</code> was not found on this server.</p></body></html>
flag{1n$p3ct0r_g3n3r@l}