title | date | author | category | tags | ||
---|---|---|---|---|---|---|
BCACTF - Web Challenges |
2019-06-17T17:16:17-05:00 |
nsuave |
ctf |
|
👉 https://ctftime.org/event/824
I didn't get to participate as much as I would have liked, but I was able to knock out the web challenges in the time I did have 👇
The title of this one was a hint on what to look at. Inspect element!
Building off of the last one, we can see a comment that leads us to the next flag.
More hints from the title! Dig is a tool that helps us query DNS servers.
In the challenge itself, there’s another hint that we should be looking for TXT records. You can read about all of the other DNS record types here.
Hint is in the title once more! I bet this has to do with cookies.
We can click mostly anywhere on that site to increment that counter. There’s also a “Shop” button towards the bottom 🤔
That brings us to a shopping portal that displays our cookie count from the previous page.
Let’s take a look at our cookies! Open up the console in dev tools, then type document.cookie
.
Well that’s congruent with what we’ve seen so far.
We could go to the first page and click a bunch of times, but let’s try modifying it 👇
document.cookie='cookies=1000'
Refresh the page, and voila! We now have 1000 cookies.
The flag costs much more than that, but now we can give ourselves enough to ‘purchase’ it.
document.cookie='cookies=1000000000000000000000000000000000000000’