🌐 Web Gauntlet 3

A detailed write-up of the Web challenge 'Web Gauntlet 3' from PicoCTF - 2021

[Image: Challenge Presentation]

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | PicoGym | Event Link |
| 🔰 Category | Web | 🌐 |
| 💎 Points | 500 | Out of 500 total |
| ⭐ Difficulty | 🟡 Medium | Personal Rating: 0/10 |
| 👤 Author | madStacks | Profile |
| 🎮 Solves (At the time of flag submission) | 4.878 | solve rate |
| 📅 Date | 21-02-2025 | PicoGym |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

📝 Challenge Information

Last time, I promise! Only 25 characters this time. Log in as admin
Site: http://mercury.picoctf.net:24143/
Filter: http://mercury.picoctf.net:24143/filter.php

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]
[Image: Filter]

This is the third challenge in the Web Gauntlet series and is identical to Web Gauntlet 2 in terms of the applied filters. The only difference is that the payload length is reduced from 35 to 25 characters. However, I noticed that the payloads used for Web Gauntlet 2 do not exceed 25 characters, making them valid for this challenge as well.

username: ad'||'min
password: ' IS NOT 'a

[Image: Length]

So I directly used the previous payload to achieve the injection and gain access as the admin user.

[Image: Injection]

I won’t detail the exploitation phase since it was quite straightforward and identical to Web Gauntlet 2. For more information on why it works, refer directly to Web Gauntlet 2.
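As an added illustration (not code from the challenge or from the original write-up), the sketch below runs the payload shown above against a constructed SQLite login that builds its query by string concatenation, then against the same login using bound parameters. The table, the stored password, the query shape, the use of SQLite, and treating the 25-character limit as the combined length of both fields are all assumptions.

```python
import sqlite3

# Constructed stand-in for the challenge backend: the table, the stored
# password and the query shape are assumptions, not taken from the challenge.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

MAX_LEN = 25  # limit from the challenge text, assumed to be combined length

def login_concat(db, username, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    if len(username) + len(password) > MAX_LEN:
        return None
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    # With the payload the WHERE clause becomes:
    #   username='ad'||'min' AND password='' IS NOT 'a'
    # '||' rebuilds the string 'admin', and (password='') IS NOT 'a'
    # is always true, so the password is never actually checked.
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_param(db, username, password):
    """Hardened pattern: input is bound as data, never parsed as SQL."""
    if len(username) + len(password) > MAX_LEN:
        return None
    row = db.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password)).fetchone()
    return row[0] if row else None

# Payload exactly as shown in the write-up above.
USER, PWD = "ad'||'min", "' IS NOT 'a"

if __name__ == "__main__":
    db = make_db()
    print("combined length:", len(USER) + len(PWD))
    print("concatenated query:", login_concat(db, USER, PWD))
    print("parameterized query:", login_param(db, USER, PWD))
```

The length limit and keyword filter only constrain the shape of the input; binding the values as parameters is what removes the injection, because the quotes and operators are then compared as literal characters.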

🔬 Vulnerability Analysis

Potential Vulnerabilities

  • SQL Injection

🎯 Solution Path

Exploitation Steps

Flag capture

[Image: Manual Flag]

🛠️ Exploitation Process

Approach

The exploit is identical to the one used in the challenge Web Gauntlet 2, with the only difference being the challenge URL.

🚩 Flag Capture

Flag

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📚 References & Resources

Similar Challenges

Learning Resources


📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:00 | From start to flag |
| Global Ranking (At the time of flag submission) | | Challenge ranking |
| Points Earned | 500 | Team contribution |

Created: 21-02-2025 • Last Modified: 21-02-2025 • Author: mH4ck3r0n3 • Team: