PicoCTF 2017 – No Eyes

This was a pretty fun little challenge. The blurb we get about the challenge is:

The website isn’t really me much, but you can still get the admin password, right?

Trying to break the web app using single quotes to login revealed the actual SQL query.

Using this I tried the query ‘ or pass like ‘%’ — and this produced an error message telling me that the flag was 63 characters long.

Trying the same query with ‘a%’ revealed an incorrect password.

So to get the flag we will have to brute force this. I came up with a pretty terrible python script using the requests http library to achieve this. It would loop through all characters until it received the “Login Functionality Not Complete” message, and then repeat over and over until we had the full flag.

The script I wrote can be found here. The full flag has not been shown to prevent spoilers. As I have been trying to learn more Python, this was a pretty decent and fun challenge!


Leave a comment