DEV Community

Cover image for CTF Writeup: picoCTF 2022 Web Exploitation
Lena
Lena

Posted on • Updated on

CTF Writeup: picoCTF 2022 Web Exploitation

My picoCTF 2022 writeups are broken up into the following sections,
1. Forensics (Solved 13/13)
2. Cryptography (Solved 11/15)
3. Binary Exploitation (Solved 5/14)
4. Reverse Engineering (Solved 2/12)
5. Web Exploitation (Solved 2/12)

All my writeups can also be found on my GitHub's CTFwriteups repository

The Web Exploitation challenges I solved in picoCTF 2022 are the following,

Table of Contents

All my writeups can also be found on my GitHub's CTFwriteups repository

Inspect HTML

The challenge is the following,

Figure 1

And the website looks like the following,

Figure 1

Inspecting element showed the following,

Figure 1

Therefore, the flag is,

picoCTF{1n5p3t0r_0f_h7ml_b6602e8e}

Includes

The challenge is the following,

Figure 1

And the website looks like the following,

Figure 1

I viewed the source, which contained,


<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="stylesheet" href="style.css">
    <title>On Includes</title>
  </head>
  <body>
    <script src="script.js"></script>

    <h1>On Includes</h1>
    <p>Many programming languages and other computer files have a directive,
       often called include (sometimes copy or import), that causes the
       contents of a second file to be inserted into the original file. These
       included files are called copybooks or header files. They are often used
       to define the physical layout of program data, pieces of procedural code
       and/or forward declarations while promoting encapsulation and the reuse
       of code.</p>
    <br>
    <p> Source: Wikipedia on Include directive </p>
    <button type="button" onclick="greetings();">Say hello</button>
  </body>
</html>
Enter fullscreen mode Exit fullscreen mode

Here, style.css contained,

body {
  background-color: lightblue;
}

/*  picoCTF{1nclu51v17y_1of2_  */
Enter fullscreen mode Exit fullscreen mode

and script.js contained,

function greetings()
{
  alert("This code is in a separate file!");
}

//  f7w_2of2_4d305f36}
Enter fullscreen mode Exit fullscreen mode

Therefore, the flag is,

picoCTF{1nclu51v17y_1of2_f7w_2of2_4d305f36}

Discussion (0)