Super Control 4 - CTF 94

Abdullah Al Mamun
IHC Blog

CTF Name: Super Control 4

Topic: Web Exploitation

Flag Format: ICTF{}

Description:

You can control a server using terminal. Using terminal you can get sensitive information. If you need help, type help command. Try to login.

Website: https://ictf.ihcbd.xyz/SuperControl/

Solution:

When we checked the robots.txt file, we discovered a path: "/adminlogin.php". After navigating to this location, we found a simple admin login panel. So, we attempted a SQL injection on the username and password fields using the payload "admin' or 1=1-- -" and successfully obtained the flag.

Flag: ICTF{345Y_5Q1_1NJ3C710N}

Join Our CTF Channel:

https://t.me/ctf_invisiblehc