Securinets Friendly 2022
Welcome


NFT Marketplace



JW token



LoGic?

preg_replace() in PHP replaces only once.
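
An added example, not taken from the challenge's source: a filter that strips a token with one preg_replace() call, next to two hardened forms. The token "script", the sample inputs and all function names are assumptions made for illustration.

```php
<?php
// Constructed example: "script" stands in for whatever token a filter tries to strip.

// Single-pass filter: preg_replace() removes every match it finds in the
// original string, but it never re-scans the string it produces.
function strip_once(string $input): string
{
    return preg_replace('/script/i', '', $input) ?? '';
}

// Hardened form 1: repeat until the output stops changing (fixed point).
function strip_until_stable(string $input): string
{
    do {
        $before = $input;
        $input  = preg_replace('/script/i', '', $input) ?? '';
    } while ($input !== $before);
    return $input;
}

// Hardened form 2 (preferred): reject the input instead of rewriting it,
// so there is no rewritten output that can reassemble the token.
function is_rejected(string $input): bool
{
    return preg_match('/script/i', $input) === 1;
}

// Constructed sample inputs; the third one nests the token inside itself.
$samples = ['hello', 'SCRIPT', 'scrscriptipt'];

foreach ($samples as $s) {
    printf(
        "%-14s once=%-10s stable=%-8s rejected=%s\n",
        $s,
        var_export(strip_once($s), true),
        var_export(strip_until_stable($s), true),
        is_rejected($s) ? 'yes' : 'no'
    );
}
```

For the nested input, the single-pass filter returns the very token it was meant to remove, while the loop and the reject check both handle it.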


Request basics 1



Request basics 2


Request basics 3




Web Crawler



COOOOOOOOkiiie


All you have to do is delete the cookie.

Then decode with CyberChef (an online website).

XXdirect

You should notice that the URL changes from XXdirect.ctf.securinets.tn to redirect.ctf.securinets.tn.

All you have to do is look at the raw response from the first URL.

Halt and Catch Fire

Some players tried to deobfuscate the JS and ended up with only one part of the flag. That's nice, but the intended solution is to expose players to the browser's debug mode.

Tunisia
The least solved one.


You should notice that whatever you pass in the placeholder1 param gets injected into the HTML code.

I already gave you the format of the injection, with the attribute id="placeholder2" to modify. All you have to do is google how JS interacts with HTML, and you'll find the well-known JS method getElementById.

Searching in Tunisia.js, you'll find that if the div element isn't "map", the char "-" is logged to the console.

solution : web.ctf.securinets.tn:7005/?placeholder1=

With Base64 decoding, the secret is: GetElEmeNtById
Flag: Securinets{GetElEmeNtById}