Posts List

Olympic CTF CURLing500 Write Up

We didnt have time to finish this task during the game since we decided to finish Freestyle 400 (scored in the last minute) but as I foound out later, we were close to finish it. In this level we were presented with a login form vulnerable to user enumeration. It was easy to see that admin was a valid user but we could not guess the password. After trying with other “normal” accounts like guest, dev and so on, we found that debug was a valid account and the password was debug.