MMA CTF 2nd 2016: Get the admin password! (Web) Write-up

Descriptions:

Get the admin password!
http://gap.chal.ctf.westerns.tokyo/

You can use test:test

Solution: 

1. Try to inject in user/password field such as SQL Injection it not show more information.

2. Fuzzing via BurpSuite Pro with Simple list: Fuzzing - SQL Injection by user=admin&password=[Fuzz]. and get some different length.

3. Using Google to search with keyword that we have and found the backend database is MongoDB

4. Try MongoDB Injection with user=admin&password[$ne]=1, and successfull to login as admin!

5. This challenge need a admin password, I try regex operator to guess a admin's password like user=admin&password[$regex]=^TWCTF{[Fuzz]

6. Set payload type Brute forcer with characte set in $ python -c "import string; print string.printable".

7. Set option Grep - Extract because if character is valid will return HTTP status code 302 Found to redirect to index page.

8. Start attack and found 1st character is "w" :)

9. Fuzzing to find another character of admin's password.

Flag: TWCTF{wasshoi!summer_festival!}

MMA CTF 2nd 2016: glance (Misc) Write-up

Descriptions:

I saw this through a gap of the door on a train.

Solution: 

1. Get a animation gif file and go to http://gifmaker.me/exploder/ for split gif to frame.

2. I want to concat all gif image and go to www.google.com, search and get some command that usefull. http://stackoverflow.com/questions/20737061/merge-images-side-by-sidehorizontally

3. convert +append *.gif out.png

Flag: TWCTF{Bliss by Charles O'Rear}