Too Fast

2fast4me

Something went by too quickly!

Author: Dragonym

We were stumped by this challenge for a while due to the description given. We thought there must be something that was shown on the site for a brief second!

Too Fast site

We did all sorts of things to try and find what went onto the site. First, we read the HTML source code and looked at the scripts.

  <title>Too Fast</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>

Unfortunately, there is nothing out of the ordinary. These are the standard Bootstrap and jQuery scripts.

Next, we scrolled down the webpage and we saw a form submission, and so we thought this could be something of interest!

We then looked at the HTML source code again but we soon realized that the form is of no use, and that it leads to nowhere (no POST request).

  <form class="form-inline">Get deals:
    <input type="email" class="form-control" size="50" placeholder="Email Address">
    <button type="button" class="btn btn-danger">Sign Up</button>
  </form>

We took a break, and I just stared at the word "Too Fast" and the word kept playing in my head to a point that I thought of something. Too Fast? or To Fuzz? I don't know how I came about that but the idea just went through my mind 😂

Fuzzing is a Black Box software testing technique, but the funny thing is, that is what we DID NOT do.

We used DirBuster, a Kali Linux tool, for Web Application brute forcing.

We ran DirBuster with an Extension List of .php and .aspx, and it found an /admin.php page! It returns a 302 code, which means the resource has been temporarily moved.

Next, we just ran a curl command and we got the flag!

Flag!!!

Flag: grey{why_15_17_571LL_ruNn1n_4Pn39Mq3CQ7VyGrP}
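Why curl shows what the browser hides, as an added example that is not part of the original write-up or the challenge's code: curl does not follow redirects unless asked to, so any body sent along with the 302 is printed instead of discarded. The sketch assumes the flag was in the body of the 302 response (the write-up does not show the response); the local server, `/index.php`, `SECRET` and the function names are constructed for illustration, and the check is one you can run against your own application's routes.

```python
# Added example: constructed local server, not the challenge's code.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = b"constructed-admin-content"  # placeholder, not the challenge flag

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == "/admin.php":
            # Mimics a handler that sets Location but keeps rendering the page.
            body = b"<h1>Admin</h1>" + SECRET
            self.send_response(302)
            self.send_header("Location", "/index.php")
        else:
            body = b"<h1>Home</h1>"
            self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the output quiet
        pass

def fetch_no_follow(host, port, path):
    """Return (status, Location header, body) without following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"), resp.read())
    conn.close()
    return result

def audit(paths):
    """Start the sample server and list redirect responses that carry a body."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    findings = []
    try:
        for path in paths:
            status, location, body = fetch_no_follow("127.0.0.1", server.server_port, path)
            if 300 <= status < 400 and body.strip():
                findings.append((path, status, location, body))
    finally:
        server.shutdown()
        server.server_close()
    return findings

if __name__ == "__main__":
    for path, status, location, body in audit(["/index.php", "/admin.php"]):
        print(f"{path}: {status} -> {location}, {len(body)} body bytes leaked")
```

The fix on the server side is to stop processing as soon as the redirect header is sent, so the protected page is never rendered into the response.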

The challenge is 2fast4u! 🏎️
