Avengers Blog
Cookies
Let's visit the webpage.
Let's look at the cookies in the Storage tab of the developer tools (Ctrl + Shift + I).
We have the flag.
HTTP Headers
Let's go to the Network tab, hit reload, and select the option to show only HTTP requests.
We have the second flag.
Enumeration and FTP
Let's run an nmap scan to find open ports and then log in to FTP with the given credentials.
Let's look at the files on the FTP server.
We have a directory and the flag is in that directory, so transfer the file onto our machine and read it to get the third flag.
Gobuster
Let's run gobuster to find hidden files and directories.
The /portal path has a login page, so that is the answer for this task.
SQL Injection
Let's capture the request using Burp and send it to Repeater.
Now let's use SQL injection to log in as admin.
It says found, so now let's send it as a real request in the Proxy tab.
We are logged in. Looking at the source code, there are 223 lines being used, so that is the answer to the question in this task.
Remote Code Execution and Linux
We cannot read the file with the cat command, so let's use the tac command.
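The command input in this task refuses cat but accepts tac, which is how a denylist filter behaves. As an added example (not code from the room or from this write-up), the Python below contrasts a hypothetical denylist with an allowlist that returns an argv to run without a shell. The filter logic, the ALLOWLIST entries and the file name notes.txt are assumptions.

```python
import shlex
from typing import List, Optional

# Hypothetical denylist modelled on the behaviour seen above: only "cat" is refused.
DENYLIST = {"cat"}

# Hypothetical allowlist: each permitted program maps to the exact
# arguments it may receive. Anything not listed is refused.
ALLOWLIST = {"ls": {"-l", "-a"}, "whoami": set(), "pwd": set()}


def denylist_permits(command_line: str) -> bool:
    """Weak filter: refuse only when a denied word appears as a token."""
    return not any(tok in DENYLIST for tok in command_line.split())


def parse_allowed(command_line: str) -> Optional[List[str]]:
    """Strong filter: return an argv list if the program and every argument
    are explicitly allowed, otherwise None. The caller should run the result
    with subprocess.run(argv, shell=False) so no shell parses the input."""
    try:
        argv = shlex.split(command_line)
    except ValueError:          # e.g. unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWLIST:
        return None
    if any(arg not in ALLOWLIST[argv[0]] for arg in argv[1:]):
        return None
    return argv


def compare(samples: List[str]) -> List[tuple]:
    """Return (input, denylist verdict, allowlist verdict) for each sample."""
    return [(s, denylist_permits(s), parse_allowed(s) is not None) for s in samples]


if __name__ == "__main__":
    # Constructed sample inputs; notes.txt is a placeholder file name.
    for row in compare(["cat notes.txt", "tac notes.txt", "ls -l", "whoami"]):
        print("%-16s denylist=%-5s allowlist=%s" % row)
```

The denylist lets tac through because it only knows the one name it was told to block, while the allowlist refuses every program it was not told to permit.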