- Challenge URL: http://3.39.185.124:29292/
- Challenge File: None
I cannot log into my blog instance right now. You have to exploit my buggy blog and pwn the system.
No source code this time. Since I made some mistakes during the initial setup process, it should be easy for you to exploit this service.
ps1. Sorry, I didn't have time to create challenges lol. Forget about the WordPress 0day. It's a 24hr CTF after all.
ps2. If anything's found to be broken, it's all intended. Server reboots regularly.
Useful Information / Hints
- The flag is in
/flag
- The server reboots in every 5 minutes.
- You don't have to bruteforce too much. We may permanently ban IPs for bruteforcing way too much. There is no point of excess bruteforcing.
- The official build ships with two different editions. You probably need to check both.
- The blog was initially built back in 2017~2020. Please note that there are two official builds.
- 413 is intended. shorten your exploit or find a good way to exploit 🙂
-- stypr
- General Division: 5 solves
- University Division: 0 solves