Lawful Evil (lawful_evil) wrote,
Lawful Evil
lawful_evil

HackerOne CTF Postbook

Postbook... 7 flags at 4 points each.

The page looks like it can have a post timeline for posts you create, a way to sign in, sign up, etc.   After creating an account I can see the other posts and see there are users 'user' and 'admin'. 

First flag... log in as 'user'.  Brute force it a bit.. password is super simple.

Second flag... This involves checking post IDs that are not yours..   eg 0, 1, ...   Number 2 reveals a secret post and flag.

Third Flag.. you find by looking at the source when making a new post.   There is a hidden parameter to the post to set the user id.   Alter it so it doesn't match and boom.   Third flag.

Fourth flag... This one really needs a hint... 189*5 was what they gave.   Basically had to check that really high post number and boom.  Flag.

Fifth Flag... edit a post and then alter the parameters to specify someone else's post.   Flag.

Sixth Flag... This one and the next depend on you noticing that the posts and such use a sequence of funny hashes.   That those are always in the same order.   You can set your own cookie to another of the hashes in order to be signed in as another user. 

Seventh Flag
When you create a post and then delete it, it passes in some kind of oddball number, "a87ff679a2f3e71d9181a67b7542122c".   If you check a few single digits as MD5 sum you find '4' hashes to that one.
Tags: ctf, cybersecurity, hackerone, hacking, parameters, postbook
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments