Edit

Irish-Name-Repo 3

Problem

There is a secure website running at https://2019shell1.picoctf.com/problem/32237/ (link) or http://2019shell1.picoctf.com:32237. Try to see if you can login as admin!

Solution

  1. There is a hidden form field named debug. Set it to 1.

  2. Sign in as password: abcdefghijklmnopqrstuvwxyz

  3. Decode caesar cipher that is shown: nopqrstuvwxyzabcdefghijklm with https://cryptii.com/pipes/caesar-cipher to find 13 is the offset

  4. Encode ' or '1'='1 with offset 13 with same website to get ' be '1'='1

  5. Paste ' be '1'='1 into password to get flag

Flag

picoCTF{3v3n_m0r3_SQL_5c27c4ea}

PreviousIrish-Name-Repo 2NextReverse Engineering

Last updated

Was this helpful?