Capture the flag - 1

For this assignment you will test your web application hacking skills. You could work in groups of 2-3 if you would like.

Each member of your group should begin by creating an account at https://ctf.hacker101.com/ctf. You then should give me an identifier that you would like to use for your group (i.e. the-tigers) as well as the email addresses of those in your group. I will then email you a group invitation for hacker101. You can then proceed to do your CTF stuff.

You need to complete the following CTF exercises:

• A little something to get you started
• Postbook
• Micro-CMS v1
• Micro-CMS v2 (sql injections could help!)
• Petshop Pro

Don’t forget to use burpsuite and sqlmap for sqlinjections. You can also use other tools. (dirb might be useful)

There are plenty of walkthroughs on the internet, but try to only use them as a last resort!

What to submit

You will create a single PDF document. Create detailed documentation as to what you did to find each flag. You should even include things that you did that were unsuccessful. Finally, take a screenshot of your web page that shows the count of flags you were able to find (make sure it shows your username at the top of the screen).

Grading

• You can receive 1 point for each flag found (I counted a total of 18 possible flags to find)
• You can receive up to 12 points for good documentation
• Total points possible: 30

Last Updated 12/12/2022