Super Control 5 - CTF 95
CTF Name: Super Control 5
Level: Beginner
Topic: Web Exploitation
Flag Format: ICTF{}
Description:
You can control a server using terminal. Using terminal you can get sensitive information. If you need help, type help command. Try to find hidden admin login.
Website: https://ictf.ihcbd.xyz/SuperControl/
Solution:
When we checked the view source of the challenge site again, we found a file named style.css and found a username and password. While there was no login page initially, we decided to try accessing /login.php as a random guess, and surprisingly, it led us to a login page.
However, the provided username and password did not give us the flag. We suspected that the login page might be vulnerable to PHP juggling, so we began searching for an alternative value for "aabC9RqS". After some investigation, we discovered that the alternative value for "aabC9RqS" was "aabg7XSs" on here , we tried using "aabC9RqS" as the username and "aabg7XSs" as the password, and this time we successfully obtained the flag.
Flag: ICTF{MD5_BR0K3N_5UCC355FU11Y}
Join Our CTF Channel: