MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

Source

by sealldev
🚩 CTFs SecEdu CTF 2024 web
Source / SecEdu CTF 2024
Source

Description

ORG-C has given us access to one of their file servers -- conveniently served over HTTP without authentication. There is no requirement to brute-force infra here, please avoid doing so.

http://files.secedu.site/

Original Writeup on seall.dev

Looking at the root of the website we can see the following: sourceindex.png

The instructions tell us to view a users files at /<FIRST-NAME><LAST-NAME>.html

Let’s check out our good pal Layton from the past few weeks:

sourcelayton.png

Inside his directory, we see a Flag.txt, Lunch.txt and encryptedfiles.txt.

Checking out flag we are given the solve: sourcesolve.png

Flag: SECEDU{first_f14g_0n_th3_right_tr4ck}

Related Writeups

caas

Now presenting cowsay as a service https://caas.mars.picoctf.net/

#medium

Cookies

Who doesn't love cookies? Try to figure out the best one. http://mercury.picoctf.net:17781/

#easy

findme

Help us test the form by submiting the username as `test` and password as `test!` Hint: any redirections?

#medium

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub