Log in

No account? Create an account

Sun, Jun. 2nd, 2019, 05:07 pm
HackerOne CTF Postbook

Postbook... 7 flags at 4 points each.

The page looks like it can have a post timeline for posts you create, a way to sign in, sign up, etc.   After creating an account I can see the other posts and see there are users 'user' and 'admin'. 

First flag... log in as 'user'.  Brute force it a bit.. password is super simple.

Second flag... This involves checking post IDs that are not yours..   eg 0, 1, ...   Number 2 reveals a secret post and flag.

Third Flag.. you find by looking at the source when making a new post.   There is a hidden parameter to the post to set the user id.   Alter it so it doesn't match and boom.   Third flag.

Fourth flag... This one really needs a hint... 189*5 was what they gave.   Basically had to check that really high post number and boom.  Flag.

Fifth Flag... edit a post and then alter the parameters to specify someone else's post.   Flag.

Sixth Flag... This one and the next depend on you noticing that the posts and such use a sequence of funny hashes.   That those are always in the same order.   You can set your own cookie to another of the hashes in order to be signed in as another user. 

Seventh Flag
When you create a post and then delete it, it passes in some kind of oddball number, "a87ff679a2f3e71d9181a67b7542122c".   If you check a few single digits as MD5 sum you find '4' hashes to that one.