Can You Break In?

Category: WEB

Author: Dhruva

Answer / Flag: WEC{N3V3r_G0nNa_g1v3_Y0u_Up}

Problem Statement

You have been asked to break into a website, but it's not simple. The website is password protected and only the owner can access it. Now it's on you to get in!!

Here's what we know about him:

  • He's pretty basic and has a Gmail account

  • Nobody knows his real name but we have an encrypted version of what might be his name: YPJRHZASLF

  • He also thinks of himself as a memelord. His favourite number is a five-digit number made of two legendary numbers

Given the information, what do you think might be his email? Also, do you really need a password to login?

Relevant files / links

Docker image of the website: docker pull dhruv693/wec_ctf_web_q:latest

Hint

Vaccines? Think more malicious

Solution

  • The actual name of the owner is RICKASTLEY; shifting it with a Caesar key of 7 gives YPJRHZASLF. The five-digit number is 69420, so the required email is: [email protected]
  • Then they need to use an SQL injection to break into the website
    [email protected]' OR '1' = '1
    Password isn't required to gain access.
  • Then they are redirected to a page with the URL ending with V0VDe04zVjNyX0cwbk5hX2cxdjNfWTB1X1VwfQ==, which is the Base64 encoding of the flag!
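
Added example, not code from the challenge image: a sketch of why the payload in the second step logs in without a password but still needs the right email, next to the parameterized query that stops it. The schema, the concatenated query shape, and the addresses are assumptions; the challenge's backend is not shown on this page.

```python
import sqlite3

OWNER = "owner@example.com"  # constructed placeholder, not the challenge's address

def make_db():
    # Assumed schema; plaintext passwords only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(OWNER, "correct horse"), ("other@example.com", "hunter2")])
    return db

def login_vulnerable(db, email, password):
    # Assumed flaw: form input concatenated straight into the SQL text.
    sql = ("SELECT email FROM users WHERE email = '" + email +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, email, password):
    # Placeholders bind the input as data, so a quote cannot alter the query.
    row = db.execute("SELECT email FROM users WHERE email = ? AND password = ?",
                     (email, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = OWNER + "' OR '1' = '1"
    # AND binds tighter than OR, so the WHERE clause becomes
    #   email = '<owner>' OR ('1' = '1' AND password = '')
    # and the owner's row matches whatever the password is.
    print(login_vulnerable(db, payload, ""))
    # With an address that is not in the table, neither branch is true.
    print(login_vulnerable(db, "nobody@example.com' OR '1' = '1", ""))
    # The parameterized query compares the whole payload to the email column.
    print(login_parameterized(db, payload, ""))
    print(login_parameterized(db, OWNER, "correct horse"))
```
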