Super Control 3 - CTF 93

IHC Blog

CTF Name: Super Control 3

Level: Beginner

Topic: Web Exploitation

Flag Format: ICTF{}

Description:

You can control a server using a terminal. Using the terminal, you can get sensitive information. If you need help, type the help command. Try to find the hidden file.

Website: https://ictf.ihcbd.xyz/SuperControl/

Solution:

When we checked robots.txt, we discovered another path: /flag.php. Upon accessing this path, we encountered the text "No user found. Only admin can access this." Despite trying various methods, we were unable to gain access.

Eventually, we decided to perform parameter fuzzing using a parameter wordlist. This approach led us to identify the parameter "username", and, interestingly, the webpage then displayed the message "Flag: Only admin can access this." Consequently, we changed the parameter to "username=admin" and successfully obtained the flag.

Flag: ICTF{W31C0M3_4DM1N_70_1C7F}
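
The root cause is that /flag.php takes the caller's identity from a request parameter. The following is an added example, not the challenge's source code: a framework-free Python model of the three responses described above, next to a hardened handler that reads identity only from a server-signed session value and returns one denial message for every failure. The function names, the "user.tag" cookie format and the placeholder flag are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

SECRET = secrets.token_bytes(32)  # server-side signing key, never sent to clients
FLAG = "ICTF{placeholder}"        # constructed value, not the challenge flag


def vulnerable_flag(query):
    """Models the observed behaviour: identity is read from the query string."""
    user = parse_qs(query).get("username", [""])[0]
    if not user:
        return "No user found. Only admin can access this."
    if user != "admin":
        # A different message confirms the parameter name to anyone guessing it.
        return "Flag: Only admin can access this."
    return "Flag: " + FLAG


def _tag(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def issue_session(user):
    """Called only after a real login (not modelled here); returns 'user.tag'."""
    return user + "." + _tag(user)


def session_user(cookie):
    """Returns the user name if the MAC verifies, otherwise None."""
    user, _, tag = cookie.rpartition(".")
    if user and hmac.compare_digest(tag.encode(), _tag(user).encode()):
        return user
    return None


def hardened_flag(query, cookie=""):
    """Ignores request parameters for identity; one denial for every failure."""
    if session_user(cookie) != "admin":
        return "Forbidden"
    return "Flag: " + FLAG
```

A production session would also carry an expiry and be revocable; the model keeps only the part that matters here, which is that the client cannot assert its own role.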
