Web Maze Mr. Hekker Web Maze $ gobuster dir -u http://maze.noobarmy.org/ -w big.txt -t 50 -q -x php,html,txt /.htpasswd (Status: 403) [Size: 282] /.htaccess.html (Status: 403) [Size: 282] /.htpasswd.php (Status: 403) [Size: 282] /.htaccess…

Web Santa's consolation Web Santa's consolation ソースコードは console.log("%c██████╗░██╗░░░░░██╗░░░██╗██╗░░░██╗██╗░░██╗\n\██╔══██╗██║░░░░░██║░░░██║██║░░░██║██║░██╔╝\n██████╦╝██║░░░░░██║░░░██║██║░░░██║█████═╝░\n██╔══██╗██║░░░░░██║░░░██║██║…

Web Lynx Web Lynx ふつうにアクセスすると You are not lynx, access denied といわれる。 Lynxがなにか調べてみるとブラウザっぽいのでUser-Agentを偽装すればアクセスできそう。 User-Agent: Lynx/2.8.5rel.1 libwww-FM/2.15FC SSL-MM/1.4.1c OpenSSL/0.9…

0 decode(Very Easy) 1-1 FTP(Very Easy) 1-2 SSH avoidance(Very Easy) 2-1 basic authentication(Easy) 6-1 exploration(Very Easy) 7-1 hidden flag(Very Easy) 6-2 authentication avoidance(Easy) 4-1 breakthrough(Easy) 6-3 clairvoyance(Medium) 5-1…

Web Dr Jason Buggy PHP Web Dr Jason const express = require('express'); const bodyParser = require('body-parser'); var cors = require('cors'); require('dotenv').config(); const app = express(); app.use(bodyParser.json({extended: false})); …

Web Caesar Cipher Translator Evil Eval Gacha Web Caesar Cipher Translator "><script>alert("TEST");</script>と入力すると "><fpevcg>nyreg("vawrpgrq");</fpevcg> <script>タグ使わない方法ということで "><img src=1 onerror='alert("injected")'/> flag: taskctf{n1ce_inject10n!} Evil Eval

Web AuthEN Machine Biscuits Ador Doors PharAway flag1 flag2 flag3 flag4 Cryptography 3,2,1..Go Easy Encoding Ancient Warfare Reversing Just-Run-It! PYthn Damez Forensics Shark on Wire Not That Easy Pwn Connect Web AuthEN ソースコードをみる…