Defendtheweb : Intro 1–9 CTF Challenges.

Intro 1

When i saw the question, I knew the credentials would be in the source Code so yh, I viewed it and boom! I saw the Username and password + i have got the csrf-token.

Intro 2

From the sourcecode you can see the Username and password.

Intro 3

Not available.

Intro 4

../../extras/playground/9d2K4Fw.json. I saw this in the sourcecode.
https://defendtheweb.net/extras/playground/9d2K4Fw.json. This gave me the password and username.

Intro 5

As you can see, It’s in the sourcecode.

Intro 6

As stated in the instruction, I Need to login as ‘girldog’ but I don’t have the username in the drop down menu
So I edited the drop down menu and logged into system by the help of
Developer Tool.

Intro 7

The prompt is: “You couldn’t even find the password using a search engine as search bots have been excluded.” So I decided to check robots.txt.

Let’s go to `https://defendtheweb.net/robots.txt` and see:

Then go to `https://defendtheweb.net/extras/playground/jf94jhg03.txt` and Boom!!

Intro 8

I viewed the sourcecode. From here, https://defendtheweb.net/extras/playground/48w3756.txt I got some binary:

$ bin2ascii “01100010 01110101 01110010 01101110 01100010 01101100 01100001 01111010 01100101”
burnblaze
$ bin2ascii “01001100 01110000 00111001 01000101 01001101 00110010 00110111 01000111 01010010”
Lp9EM27GR

Intro 9

Find the hidden input field and change admin email in the email2 field. Then the login details are presented.

Thank you so much for reading my writeup!.