Bag of Flags

Chocolate Chips with Zero-G


Description

Hello W-Team,

Recon has found an old website from OmniFlags. We think there may be an insecure admin portal somewhere. See if there is anything you can find! They never did hire the best developers.

Report back, HQ

Milky Way

The website drops us on the moon, with both a navigation bar and a sidebar, though some of the options, such as "CAREERS" and "FLAGS", link to nothing.

From the description we know we're looking for an "insecure admin portal", so let's see what we can find. Inspecting the page shows that we are currently on index.html. Let's try looking for the admin page at admin.html.

-> This is done by adding the /admin.html path to the URL.

Let's try logging in with any test credentials, say "admin" and "admin".

Inspect element again, and in the Sources tab we can find a script.js. Looking through it, it seems to hold the logic for login. Notably, we find this bit for when the credentials are submitted:

It looks like the script sets the cookie admin to false when we log in. If we have submitted our credentials and the admin cookie is false, it redirects us to denied.html.

We can go into Application > Storage > Cookies to find the admin cookie, set it to true, then refresh the page to get the flag.
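
The root cause is that the authorization decision rests on a cookie value the browser controls. The sketch below is an added example, not the challenge's script.js (which is not reproduced here): it puts that weak check next to a server-side check of an HMAC-signed session cookie. The function names, the `session` cookie, the token layout and `SERVER_KEY` are all assumptions made for illustration.

```javascript
// Added example, not the challenge's script.js. Cookie names, token layout and
// SERVER_KEY are assumptions made for illustration.
const crypto = require("crypto");

const SERVER_KEY = crypto.randomBytes(32); // stays on the server, never sent to the browser

// Parse a Cookie request header into { name: value }.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak pattern from the write-up: the role is whatever value the browser sends.
function isAdminWeak(cookieHeader) {
  return parseCookies(cookieHeader).admin === "true";
}

const sign = (payload) => crypto.createHmac("sha256", SERVER_KEY).update(payload).digest();

// Hardened: after verifying credentials, the server issues "<claims>.<mac>".
function issueSession(user, role, ttlMs = 15 * 60 * 1000, now = Date.now()) {
  const claims = JSON.stringify({ user, role, exp: now + ttlMs });
  const payload = Buffer.from(claims).toString("base64url");
  return `${payload}.${sign(payload).toString("base64url")}`;
}

// Every request to the admin page re-checks the MAC before trusting any claim.
function isAdminStrong(cookieHeader, now = Date.now()) {
  const [payload, mac] = (parseCookies(cookieHeader).session || "").split(".");
  if (!payload || !mac) return false;
  const given = Buffer.from(mac, "base64url");
  const expected = sign(payload);
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return false;
  }
  return claims.role === "admin" && typeof claims.exp === "number" && claims.exp > now;
}
```

With the signed cookie, changing the role in the browser invalidates the MAC, so the server rejects it; the flag page itself also has to be served only after this check rather than gated by client-side script.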

Flag

magpie{bu7-7h3-m1Lk-ju57-fl04T5-4W4y!}

Challenge URL: http://srv1.2023.magpiectf.ca:1234

[Screenshots: "We found the login portal", "No luck", "Admin"]