Too Fast

2fast4me


Last updated 2 years ago

Something went by too quickly!

Author: Dragonym

We were stumped by this challenge for a while due to the description given. We thought there must be something that was shown on the site for a brief second!

We did all sorts of things to try and find what went onto the site. First, we read the HTML source code and looked at the scripts.

  <title>Too Fast</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>

Unfortunately, there is nothing out of the ordinary. These are the standard Bootstrap and jQuery scripts.

Next, we scrolled down the webpage and saw a form submission, so we thought this could be something of interest!

We then looked at the HTML source code again, but we soon realized that the form is of no use and that it leads nowhere (no POST request).

  <form class="form-inline">Get deals:
    <input type="email" class="form-control" size="50" placeholder="Email Address">
    <button type="button" class="btn btn-danger">Sign Up</button>
  </form>

We took a break, and I just stared at the words "Too Fast", and they kept playing in my head to the point that I thought of something. Too Fast? Or To Fuzz? I don't know how I came up with that, but the idea just went through my mind.

Fuzzing is a Black Box software testing technique, but the funny thing is, that is what we DID NOT do.

We used DirBuster, a Kali Linux tool, for Web Application brute forcing.

We ran DirBuster with an Extension List of .php and .aspx, and it found an /admin.php page! It returns a 302 code, which means the resource has been temporarily moved.

Next, we just ran a curl command and we got the flag!

Flag: grey{why_15_17_571LL_ruNn1n_4Pn39Mq3CQ7VyGrP}

The challenge is 2fast4u!
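
Added example, not part of the original writeup: a constructed local server that reproduces what the 302 from /admin.php suggests, assuming the flag sat in the body of that redirect response (the writeup does not show the curl output). A browser follows the Location header at once and never renders that body, while a client that does not follow redirects, like curl without -L, reads it; the same check is useful for auditing your own redirecting endpoints.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the protected page; the flag value is a placeholder.
PROTECTED_BODY = b"<h1>Admin</h1><p>flag: CONSTRUCTED{placeholder}</p>"


class LeakyRedirect(BaseHTTPRequestHandler):
    """Hypothetical handler: /admin.php redirects but still sends the page."""

    def do_GET(self):
        leaky = self.path == "/admin.php"
        body = PROTECTED_BODY if leaky else b"<title>Too Fast</title>"
        self.send_response(302 if leaky else 200)
        if leaky:
            self.send_header("Location", "/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)  # for /admin.php: output sent after the redirect

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch_without_following(host, port, path):
    """Return (status, Location, body) of exactly one response.
    http.client never follows redirects, like curl without -L."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()


def audit(path="/admin.php"):
    """Serve the constructed site on a free local port, fetch `path`, and
    report whether a redirect response carries a body browsers never show."""
    server = HTTPServer(("127.0.0.1", 0), LeakyRedirect)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        status, location, body = fetch_without_following("127.0.0.1", port, path)
    finally:
        server.shutdown()
        server.server_close()
    leaks = 300 <= status < 400 and len(body) > 0
    return {"status": status, "location": location, "leaks_body": leaks, "body": body}


if __name__ == "__main__":
    print(audit())
```

On the server side the fix is to stop producing output once the redirect is issued, so the 3xx response goes out with an empty body.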
