GETKey: 50

This is the first sort of the question which can be said as the hacking a bit 🙂 Here is the question

There’s bound to be a key on the spaceport’s hidden website

Hint: Look very closely at the url and think about it a little
Here is the link of the website in case you missed the above link ( I can’t reproduce this one that easily 😛 ) https://picoctf.com/problems/getquery/index.php?admin=true
To solve this you need to have some basic understanding of the web and and how a query is done in the web form the url , but you needn’t know every thing as the clues and web pages makes us easy to solve this challenge
When you see the clue it says to look closely at the url
The web page in the above url has a button which says “get key”.
Screenshot from 2014-08-14 17:46:19
Go ahead and press it then it gets redirected to this page
Screenshot from 2014-08-14 17:49:41
which says that you are not the admin and this is not the competition .And if you look carefully at the url it changes from admin=true to admin=false and competition=ccdc. But if you didn’t notice the change in the url you might take some time to figure out the what is happening .
If you just change the url to admin=true and competition=picoctf we can you get this page
Screenshot from 2014-08-14 18:15:31
and here you go you get the flag
Flag :9fa449c061d64f58de600dfacaa6bd5d
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s