NISRA - different places

Posted on 2023-03-06 | Post modified | In Security/Practice/NISRA/Web |

Exploit - Integrate Fragments Flags

View Page Sources
base64 decode dXNlcm5hbWU6YWRtaW5fcGFzc3dvcmQ6bmlzcmE= $\to$ username:admin_password:nisra
Observe the form It uses get method to fetch the parameters. So we can peek login.php first. Then we could use the username and password we got at previous step. Payload: view-source:http://chall2.nisra.net:41025/login.php?username=admin&password=nisra Then we got the last fragment flag.

:::spoiler Whole flag NISRA{KaN_y0u_fIND_FlA9_a7_dIff3R3n7_5Pac32} :::

Post author: SBK6401
Post link: https://bernie6401.github.io/security/practice/nisra/web/2023/03/06/NISRA-different-places/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.