Juniors CTF 2016 :: Voting!!!

Key Takeaways

Hey, what's going on everybody? My name is John Hammond. Welcome back to another YouTube video. Still looking at the junior CTF capture the flag competition that went on this weekend. Uh this time I wanted to showcase the voting challenge which was a 500 point web scripting challenge. Um and the way that I solved this was like kind of cheap kind of cheating. I didn't actually end up doing a whole lot of web scripting. I didn't end up doing really any technical stuff. I was just kind of clever in that uh the way that I was thinking about how myself and how other people work. Uh so the challenge part here is just uh some characters from Gravity Falls running with mayor like running with uh running for mayor or whatever. And uh before anyone can enter the pre-election headquarters, anyone can enter the pre-election headquarters, but you also need to get some votes. So um uh it would give you this login page uh and initially the first time you probably enter, you don't have a login, so you can register one um and an an account. And I've had just been rendering registering some random things. So I'd like copy and paste my username and password and just fill out the field just like that. And there was a capture that you could play with. And you could even automate the capture if you entered a uh you'd notice that it would include the capture in the redirection or the get request that you get back if you created a a username that was already taken. And I'm assuming that's how it was probably intended to be solved because you could automate like creating accounts because you could just be able to see what the capture was and fill it out like automatically. You could program that and if you wanted to. I keep getting this weird error. Uh I honestly don't know why. I can't tell if um they have ran out of people or ran out of like ID numbers they can use for each individual. So whatever. I'll just try and log in with a an account that I created earlier. BIM. And BIM again. And I had the same username and password because I was just trying to quickly run through that field. So then I saw that was interesting. I had uh once you're logged in, you're told you have negative one votes and you can vote negative one times. But individuals who have more than 250 votes will receive some interesting things from Bill. So our goal is to get more than 250 votes assuming and I guess that's how we can get the flag. So I saw some interesting things. Some people already have all of these votes and I'm looking at their names and I'm looking at like I wonder if anyone had just ran through the form like I had and literally would just copy and paste the username into the password field. So I look for like simple and unique like like simple and really easy usernames and this TTT seemed interesting. So I see this TTT account and I wonder does he have the same username and password? And of course he does. So it says, "Hey, you have 251 votes and you can vote 251 times. Check your profile because you have more than 250 votes." So you check it out and hey, here's your flag. Rainbow puke. That's it. That was literally it. So again, just some thinking. I didn't do any like web like scripting or any technical stuff. I just kind of thought, well, people have already solved this challenge and somehow I admittedly still don't even know how. I don't know the intended solution of this challenge, but if they have those votes and they just have a really simple username and password I can log in with, then dude, that's that's game, right? I I just get the flag. A flag is a flag. So, probably a little cheap, but I just wonder how many of these accounts have the same username and password that you could just log in as because it's the same thing and see if you can get their things again. Yep. AA because that's probably just copied and pasted. Uh, K1 looks like he has 251 votes. More than the 250 that we need. K1. K1. Okay, that one has the wrong password. But it took me just like looking to see people that have or accounts that have more than the needed number to get a flag. And I just would log in with them under the premise they had the same username and password. So some do, some don't, but I just looked for simple ones that people probably just copied and pasted like ttt or aa aa. So easy, not too technical of a challenge, but again, kind of cheap and kind of cheating in the way that I ended up solving it. So, whatever. Take it for what you will. In my opinion, a flag is still a flag. And I mean, it's still some interesting and curious thought to take note of how people probably would just copy and paste the same username and password like I would have. So, all right. Thanks for watching, guys. Hope you enjoyed this one. Uh, again, real simple, but hey, quick and easy. Five points. And I'll show off some more of the later challenges as uh as uh I post more videos. So, thanks for watching, guys. See you later.