-
NACTF - Sep 2019
Web
Pink Panther - 50
Rahul loves the Pink Panther. He even made this website: http://pinkpanther.web.2019.nactf.com
I think he hid a message somewhere on the webpage, but I don't know where... can you INSPECT and find the message?
Solution
Open the given link and view-source of the website
Scooby Doo - 100
Kira loves to watch Scooby Doo so much that she made a website about it! She also added a clicker game which looks impossible.
Can you use your inspector skills from Pink Panther to reveal the flag?
http://scoobydoo.web.2019.nactf.com
Solution
Open the given link view-source
To get flag, we need to change the opacity of <img> tags to 1
Dexter's Lab - 125
Please check in on your brother's lab at https://dexterslab.web.2019.nactf.com We know his username is Dexter,
but we don't know his password! Maybe you can use a SQL injection? Mom + Dad
Solution
Open the given link
To get flag, we need to login to the site with username dexter and password
1' OR '1'='1
a basic SQL Injection
Sasame street - 150
Surprisingly, The20thDuck loves cookies! He also has no idea how to use php.
He accidentally messed up a cookie so it's only available on the countdown page... Also why use cookies in the first place?
http://sesamestreet.web.2019.nactf.com/
Solution
Open the given link
Go to http://sesamestreet.web.2019.nactf.com/countdown.php. Edit cookie session-time,
change the Path to flag.php, change the value to a large number such as 2568986265.
Finally, go to http://sesamestreet.web.2019.nactf.com/flag.php, we will get flag