LIT CTF 2021
Here, you can find write-ups of a few interesting challenges from my solves in LIT CTF 2021.
You can find and learn the techniques mentioned below:
SQL injection with WAF bypass
RCE using Python pickle deserialisation, bypassing the input (dictionary) validation
Abusing the functionality of a WebSocket server
LIT BUGS
Sou...
Notes
Challenge Description
TL;DR
The application has a functionality to store notes
Each note has two sections, a body and a tag
The body is the text section of the note and the tag can be public or private
The challenge involved exploiting a stored XSS vulnerability in the tag parameter
But the payload is constrained to 10 characters
As we c...
Cool
Challenge Description
TL;DR
The application allows users to register.
The register functionality is vulnerable to SQL injection.
In this case, the SQLi is inside the INSERT statement.
Retrieving data is non-trivial and time-consuming using this type of SQLi
The goal is to retrieve the admin’s password.
And we get the flag
Looking in...
Git Good
Challenge Description
TL;DR
Initial recon leads to robots.txt on the website, which lists the /admin.html and /.git/ paths
The /.git path was not accessible directly, as directory listing was not enabled
But checking any standard file like /.git/config would give a clue that a version control repository was hosted in production
So with help...
GETS Request
Challenge Description
Disclaimer
I did not solve the challenge in time.
I found the solution on Discord later.
This write-up helps you understand the detailed solution.
TL;DR
The website is intended to calculate the number of primes under the given number. It takes the user-provided number as a GET parameter, n
Length of...
Apollo 1337
Challenge Description
TL;DR
The website’s interface seems to be down.
Investigating the network shows that the website uses an API with the path /api/status?verbose=
Setting the verbose parameter to any value unlocks other API paths
Investigating the responses and crafting the right request would launch the rocket
Finally, the crafted request, ...