When I was in HS, I always wanted to learn about security and hacking but never had the discipline (or adderall) to sit down and learn it well. My hope is with this blog I can sort my thoughts out, document everything and consistently put work towards learning security.
Goal: Learn enough to collect the bounty on one(1) bug a year from now
Hacker101 CTF
Since the goal's a bounty from hackerone, why not start learning through hackerone?
A little something to get you started
Inspect element shows background.png being set as background in the styles tag. Appending that to the end of the url gives the flag, pretty straightforward
Micro-CMS v1
This one's where it started to get tricky; I had to play around a lot and ultimately rely on a writeup from another post on dev.to
- Flag 0 - after you create a couple of test pages, I noticed that there was a gap in the pages (goes from 2 to 11). Visiting page/1-3 gives a 404 not found, but page/4 is forbidden. Using the url naming convention to edit this page gives the first flag
- Flag 1 - The home page contains a list of all the pages, with the page titles in text wrapped by anchor tags. When creating a new page the input isn't sanitized, so we can just put something simple like alert('test') for the title, save it then hit go home which reveals the flag in a popup followed by our own alert. I think this is basically what XSS is (I'm really new at this lol)
- Flag 2-3 - Had to rely completely on writeups and walkthroughs for this. The first flag is found by adding a ' to the end of any edit page's url. I have no idea how tf this works. Apparently it's some sort of sql injection? I've tried sql injections before for smaller CTFs (never got too far past the beginner sections tbh) but they were mostly the cookie cutter username-password types. I have no idea how adding a tick to the back of the url breaks anything, or how urls relate to sql! Flag 3 (again, from a writeup) is modifying the existing button so it has an onclick attribute set to some script (again, I used alert('test')). Save and click for another XSS, and the flag is in the source html
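Added example, not code from the post or from Hacker101's Micro-CMS: a toy page store in Python that shows the two things the flags above turn on. The last segment of a URL such as /page/edit/2 is read by the server and used in a SQL lookup; when it is pasted into the SQL text, a trailing single quote leaves the string literal unterminated and the database raises an error (that error page is what the tick exposes), while a parameterised query treats the same input as plain data and simply finds nothing. The second half shows why a page title must be HTML-escaped before it is placed inside an anchor tag. The table name, column names and sample pages are constructed for this example.

```python
import html
import sqlite3

# Constructed sample rows standing in for the CMS's page table.
PAGES = [
    (1, "Testing", "<p>Markdown is supported</p>"),
    (2, "Markdown Test", "<p>Hello</p>"),
]


def make_db():
    """In-memory SQLite database holding the sample pages."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", PAGES)
    return conn


def lookup_concat(conn, page_id_from_url):
    """Vulnerable: the URL segment becomes part of the SQL text, so a quote
    in the input changes the statement's structure instead of its value."""
    sql = "SELECT title, body FROM pages WHERE id = '" + page_id_from_url + "'"
    return conn.execute(sql).fetchone()


def lookup_param(conn, page_id_from_url):
    """Fixed: the value travels separately from the SQL text, so a quote in
    the input is compared as data and can never alter the statement."""
    sql = "SELECT title, body FROM pages WHERE id = ?"
    return conn.execute(sql, (page_id_from_url,)).fetchone()


def page_from_url(conn, path, lookup):
    """Take the last path segment of '/page/edit/<id>' and run the given lookup.
    Returns ('ok', row), ('not_found', None) or ('error', message)."""
    page_id = path.rsplit("/", 1)[-1]
    try:
        row = lookup(conn, page_id)
    except sqlite3.Error as exc:
        # A real server would return a 500 here; the message is what a
        # stack-trace page leaks to the visitor.
        return ("error", str(exc))
    return ("ok", row) if row else ("not_found", None)


def render_link_unescaped(page_id, title):
    """Vulnerable: the stored title is emitted as raw HTML on the home page."""
    return '<a href="/page/%d">%s</a>' % (page_id, title)


def render_link_escaped(page_id, title):
    """Fixed: html.escape turns <, >, &, quotes into entities, so the title is
    shown as text rather than parsed as markup."""
    return '<a href="/page/%d">%s</a>' % (page_id, html.escape(title))


if __name__ == "__main__":
    conn = make_db()
    print(page_from_url(conn, "/page/edit/2", lookup_concat))
    print(page_from_url(conn, "/page/edit/2'", lookup_concat))   # database error
    print(page_from_url(conn, "/page/edit/2'", lookup_param))    # just not found
    title = "<script>alert('test')</script>"
    print(render_link_unescaped(1, title))
    print(render_link_escaped(1, title))
```

Running the file shows the same URL with a trailing quote producing an error from the concatenated query and a clean "not found" from the parameterised one; the escaped link keeps the title visible as literal text instead of executable markup.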
Thoughts:
This really knocked me down a peg since I didn't expect to have such a hard time on the second (first real) CTF challenge on hacker101. I realized there are a lot of gaps in my knowledge:
- How URLs work and how they relate to SQL
- How SQL itself works (have only done basic sites with html/css/js, no databases)
- My html/css itself is REALLY rusty since I forgot buttons have onclick attributes
- How sql injections work (wtf does that tick do???)
If I'm having so much trouble already on only the first one, I think the best course of action rn is to suspend hacker101 and spend some time on web fundamentals. Luckily I have a company sponsored udemy account so I can get this course for free. I think I'll simultaneously do that and some beginner friendly challenges from tryhackme (which I've heard is as beginner as it gets) AND build a webapp so I can get how that works. Hopefully that's not too much all at once, or the wrong way to go about things. Damn I'm really new at this.
Top comments (1)
Actually, when solving flag 0, the forbidden page seems to be random, somewhere between 3 and 12; the first time I tried it was 6, the second time it was 7.
Um... I also really want to learn security and hacking, but this challenge took me 3 hours... Hope we can find time to learn and exchange ideas together.