Irish-Name-Repo 3

Problem

There is a secure website running at https://2019shell1.picoctf.com/problem/32237/ (link) or http://2019shell1.picoctf.com:32237. Try to see if you can login as admin!

Solution

  1. 1.
    There is a hidden form field named debug. Set it to 1.
  2. 2.
    Sign in as password: abcdefghijklmnopqrstuvwxyz
  3. 3.
    Decode caesar cipher that is shown: nopqrstuvwxyzabcdefghijklm with https://cryptii.com/pipes/caesar-cipher to find 13 is the offset
  4. 4.
    Encode ' or '1'='1 with offset 13 with same website to get ' be '1'='1
  5. 5.
    Paste ' be '1'='1 into password to get flag

Flag

picoCTF{3v3n_m0r3_SQL_5c27c4ea}