Dr. Hrabowski's Great Adventure Writeup (Dawg CTF 2021)

_Mars

Type: Web

Difficulty: Easy

Prompt: President Freeman Hrabowski is having a relaxing evening in Downtown Baltimore. But he forgot his password to give all UMBC students an A in all their classes this semester! Find a way to log in and help him out.

Solution

This challenge had the link “http://umbccd.io:6100” and a note which says “If you get an SSL error, try a different browser”. I got this error so as instructed, used a different browser. I got this login page.

Tried basic SQL injection. Gave <1’ or 1=1 – -> (without the angular brackets) as username and some random password. Got logged in!

Looked around, but didnt find anyting useful. The opened the ‘Network’ tab under Inspect. Searched a bit, and then found the flag in the response header of ‘home.php’.

Flag: DawgCTF{WeLoveTrueGrit}