Write up of challenge Number 3 from AstonHack CTF

Eddie Mora
3 min readFeb 21, 2021

First thing is to run an NMAP scan

Nothing interesting only 80 and 22, port number 9999 is a rabbit hall!

So let's check the app :

Nothing special, but we can see a register option plus a login, lets create an account and see what we can fin!

After creating a test account and log in with it, we face a page that says: sorry, but you’re not okay!

Outsh! this is so unexpected! let's check the source code!

Hmm, it says that we need to fix a broken cookie then check the admin page! let's check the cookies then

we have this sessionID and it looks like some base64 data, after decoding it will give this: {“session_id”:”m9sh54dissn7sqe44l3r1m2b28",”is_admin”:”false”}

the trick here was to change the is_admin value to True and re-encode with base64 then use it in the cookie!

so now let's check the admin.php page!

Cool we are Okay now, and we have a password, lets try to Ssh with it!

user:okay | password:yalo

as expected we are in as okay, so let's find the flag!

there is no flag in okay’s home directory, so let's check another user!

we have Tensho, and there is a flag inside

there is also a hidden file called .secret.txt

the flag was a binary that we needed to decode and it gives this :

QBIQBW{PAWVSBS_COIEQDV3F3} it's weird like a random flag!

the key here is to understand that its a cipher that you need to decrypt using the key mentioned in the .secret.txt file ‘okaytensho’

You can use online tools to do this and you will get the first Flag!

The second and third flags were easy to find no exploitation needed only recon!

you can find them in /var/www/html/flag.txt

and /var/www/html/database.php