Guild icon
Project Sekai
🔒 BYUCTF 2023 / ✅-web-urmombotnetdotnetcom-5
Avatar
Sutx BOT 05/19/2023 10:01 AM
urmombotnetdotnet.com 5 - 500 points
Category: Web Description: During my databases class, my group and I decided we'd create a web app with the domain urmombotnetdotnet.com, and wrote the relevant code. At first glance, it looks pretty good! I'd say we were pretty thorough. But were we thorough enough?? Oh... we also forgot to make the front end :) byuctf.xyz:40010 -------------------- What is flag 5? (see byuctf{fakeflag5} in source) (see source from first chall) Files: No files. Tags: Hard
05/19/2023 10:01 AM
Sutx pinned a message to this channel. 05/19/2023 10:01 AM
Avatar
Sutx BOT 05/19/2023 10:02 AM
@Violin wants to collaborate 🤝
10:08
@rubiya wants to collaborate 🤝
10:12
@Legoclones wants to collaborate 🤝
10:12
@jayden wants to collaborate 🤝
Avatar
Sutx BOT 05/19/2023 11:28 AM
@strellic wants to collaborate 🤝
11:33
✅ Challenge solved.
Avatar
strellic 05/19/2023 11:33 AM
byuctf{IPv6_scopes_are_just_arbitrary_strings...maybe_there_are_more_vulns_worldwide?}
11:33
use ip FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
Avatar
Legoclones 05/19/2023 11:33 AM
oh 👀
11:33
i guess that works too
Avatar
strellic 05/19/2023 11:34 AM
what was intended lol
11:35
also i thought this was a fun series of challenges
11:35
i liked it
Avatar
Legoclones 05/19/2023 11:35 AM
something like "2001:db8::1000%111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", in IPv6 you can put anything after % char
11:35
even like "2001:db8::1000%; whoami"
11:35
I'm glad! 😄
Avatar
strellic 05/19/2023 11:35 AM
oh huh thats interesting
11:35
cool!
Avatar
Legoclones 05/19/2023 11:36 AM
ggs
Exported 21 message(s)