[WEB] Cartographer

Hi All, am about to throw this laptop through the window :expressionless:
kinda new to CTF stuff and have tried numerous things to no avail.
Tried dirb index.php?user/page={wordlist}, tried the obvious …php?auth=1 etc. Tried force browsing directories.
I'm sure it's either staring me in the face or I'm on the wrong path.
Anyone willing to pm me some hints (not solutions) would be much appreciated.
Cheers

@svabo said:
Hi All, am about to throw this laptop through the window :expressionless:
kinda new to CTF stuff and have tried numerous things to no avail.
Tried dirb index.php?user/page={wordlist}, tried the obvious …php?auth=1 etc. Tried force browsing directories.
I'm sure it's either staring me in the face or I'm on the wrong path.
Anyone willing to pm me some hints (not solutions) would be much appreciated.
Cheers

the obvious?
you haven’t tried the complete obvious.
what is the thing you are looking for?

I got that the complete obvious is to navigate directly to somepagetoguess.php. Is this correct? I just need to guess the page? thank you very much.

On my third attempt at this now. This obvious thing can’t be that obvious. I’ve tried all the simple obvious things I know of and none of them are correct.

after completing it i was like “■■■■ is that it !!” wasted a lot of time doing dirb

I’m having some trouble with this one. I’m not sure what the most basic web form login bypass method is. When I google it I receive some hits on SQL injection but I’ve read that injection is not the answer. Any help via here or pm is greatly appreciated. Thanks.

@AviShabat said:

@svabo said:
Hi All, am about to throw this laptop through the window :expressionless:
kinda new to CTF stuff and have tried numerous things to no avail.
Tried dirb index.php?user/page={wordlist}, tried the obvious …php?auth=1 etc. Tried force browsing directories.
I'm sure it's either staring me in the face or I'm on the wrong path.
Anyone willing to pm me some hints (not solutions) would be much appreciated.
Cheers

the obvious?
you haven’t tried the complete obvious.
what is the thing you are looking for?

:slight_smile: All done. Was overthinking it as normal.

Cheers all

Can someone send me a PM to point me in the right direction? I tried SQL injection with sqlmap but without success. After fuzzing urls I found one other url but it just redirects to the index… I’m new to CTF

@DrChud said:
I’m having some trouble with this one. I’m not sure what the most basic web form login bypass method is. When I google it I receive some hits on SQL injection but I’ve read that injection is not the answer. Any help via here or pm is greatly appreciated. Thanks.

Neeevermind, I got it

Got it also, seems so simple now that I know… smashes head

Finally solved the challenge. Is there a way to look up the source code to understand why one specific version of what I tried worked and others - didn’t?

need a hint. tried to find pass via hydra to brute> loginname “Cartographer” and rockyou.txt password list. but does not work. sql injection same result. pls PM me, someone… I’m not sure what the most basic web form login bypass method is? guys pls PM me to solve 1st part T_T tnx

Awesome!.. seems this is the easiest of all the web challenges :slight_smile:

Oh man :lol: don’t overthink guys. After bypassing the login, no need to worry about any other tools. Just think only about “flag” :slight_smile:

lol, took me a second after login. Think “what am I actually doing on this webpage? what am I here for?”

okay easy way out, after bypassing the login, think of what you are looking for in the page then try playing with the url

@Agent22 said:

@typing said:
"Cartographer Is Still Under Construction! " True or just some tricks on the link?

Are you searching flag ? :wink:

Thanks for this man

i still can’t get through the login. i don’t understand what people mean by simple login page bypass. I’m new to CTF. i tried dirb and found the php page which redirects to main page and a forbidden directory. what am i missing? can someone please point me to the right direction ? thanks in advance

@Agent22 said:

@typing said:
"Cartographer Is Still Under Construction! " True or just some tricks on the link?

Are you searching flag ? :wink:

yes i am. i found the user and password already. but could not find a flag. please help

after reading all the comments i felt so dumb… like how can i even miss this simple thing… anyways done…