Web 1. Toke Relaunch
Challenge description: We’ve relaunched our famous website, Toke! Hopefully no one will hack it again and take it down like the last time.
Once we access the static webpage we’re presented with a button that does nothing and some text.
I had a look at the HTML and some JS files, but found nothing in them. So that's when I started checking whether there were any common files on the web server, like robots.txt. And it turned out there was a robots.txt file present:
User-agent: *
Disallow: /secret_xhrznylhiubjcdfpzfvejlnth.html
Curl’ing the file present on it (https://static.icec.tf/toke/secret_xhrznylhiubjcdfpzfvejlnth.html) gave us the flag:
Web 2. Lights out
Challenge description: Help! We’re scared of the dark!
Again we get a static webpage, this time with nothing on it, just a question.
So let’s inspect the html:
<!doctype html>
<html>
  <head>
    <meta charset="utf-8" />
    <title>Lights out!</title>
    <link rel="stylesheet" href="main.css" />
  </head>
  <body>
    <div class="alert alert-danger">Who turned out the lights?!?!</div>
    <summary>
      <div class="clearfix">
        <i data-hide="true"></i>
        <strong data-show="true">
          <small></small>
        </strong>
        <small></small>
      </div>
    </summary>
  </body>
</html>
Apparently there is nothing on it, so I'll also have a look at the CSS file. However, I'm going to use Chrome's inspector, as it lets me look at each element separately.
Styles of .clearfix and tags: i, strong and small
So from there we can reverse the flag and get:
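The manual inspect step above can be automated: the flag lives in the `content:` property of `::before`/`::after` pseudo-elements, which never appears in the rendered text. The following is an added example, not code from the write-up; `main.css` is not reproduced there, so the stylesheet and the flag value `IceCTF{css_hides}` are constructed, and the parser only handles the simple selector forms the challenge markup uses.

```python
import re
from html.parser import HTMLParser

# Constructed stand-in for the challenge's main.css: the made-up flag is stored backwards.
SAMPLE_CSS = """
.clearfix::before { content: "}se"; }
i[data-hide="true"]::before { content: "dih"; display: none; }
i[data-hide="true"]::after { content: "_ss"; }
strong[data-show="true"]::before { content: "c{F"; visibility: hidden; }
strong[data-show="true"]::after { content: "TCe"; }
.clearfix::after { content: "cI"; }
"""
# Body markup of the challenge page (head omitted).
PAGE_HTML = """<html><body><div class="alert alert-danger">Who turned out the lights?!?!</div>
<summary><div class="clearfix"><i data-hide="true"></i>
<strong data-show="true"><small></small></strong><small></small></div></summary></body></html>"""
# A rule body may contain quoted strings holding braces; a selector may not.
RULE_RE = re.compile(r'([^{}]+)\{((?:[^{}"]|"[^"]*")*)\}')
# Supported selectors: [tag][.class][[attr="value"]]::before|::after (no combinators, no @media).
SEL_RE = re.compile(r'^(\w*)(?:\.([\w-]+))?(?:\[([\w-]+)="([^"]*)"\])?::?(before|after)$')
CONTENT_RE = re.compile(r'content\s*:\s*"([^"]*)"')

def parse_rules(css):
    """Return (tag, cls, attr, val, pseudo, text) for each rule that sets content."""
    rules = []
    for sel, body in RULE_RE.findall(css):
        m, c = SEL_RE.match(sel.strip()), CONTENT_RE.search(body)
        if m and c:
            rules.append(m.groups() + (c.group(1),))
    return rules

class PseudoContentCollector(HTMLParser):
    """Emit ::before text at an open tag and ::after text at its close tag (render order)."""
    def __init__(self, rules):
        super().__init__()
        self.rules, self.pieces, self.stack = rules, [], []
    def _collect(self, tag, attrs, pseudo):
        for rtag, rcls, rattr, rval, rpseudo, text in self.rules:
            tag_ok = rpseudo == pseudo and (not rtag or rtag == tag)
            cls_ok = not rcls or rcls in attrs.get("class", "").split()
            attr_ok = not rattr or attrs.get(rattr) == rval
            if tag_ok and cls_ok and attr_ok:
                self.pieces.append(text)
    def handle_starttag(self, tag, attrs):
        self.stack.append((tag, dict(attrs)))
        self._collect(*self.stack[-1], "before")
    def handle_endtag(self, tag):
        if self.stack:  # assumes well-formed markup with explicit close tags
            self._collect(*self.stack.pop(), "after")

def recover_flag(html=PAGE_HTML, css=SAMPLE_CSS):
    collector = PseudoContentCollector(parse_rules(css))
    collector.feed(html)
    return "".join(collector.pieces)[::-1]  # the challenge stores the flag reversed
```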
Web 3. Friðfinnur
Challenge description: Eve wants to make the hottest new website for job searching on the market! An avid PHP developer, she decided to use the hottest new framework, Laravel! I don't think she knew how to deploy websites at this scale however…
In this third challenge we get a website which lists jobs available on the market. We can see different pages:
And now inside each job we get some textareas to post data to the server.
I spent much time thinking the vulnerability was there, when I accidentally came across an invalid path that threw an exception and, surprisingly, the flag as well:
So the flag is