Web Challenge Walkthroughs - PicoCTF 2022 (BEGINNER-FRIENDLY Capture The Flag)

2 years ago
34

Web challenge walkthroughs for the Pico Capture The Flag competition 2022 (picoCTF). We'll cover HTML/JS/CSS inspection, directory traversal, cookie manipulation, hidden files/directories, SQL injection (SQLi), XSS and more! We'll use burp suite, firefox devtools, postgresql and ngrok. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Web #CTF #CaptureTheFlag #Pico #PicoCTF #PicoCTF2022

↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat/CTF
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23

↢PicoCTF↣
https://ctftime.org/event/1578/
https://play.picoctf.org/events/70/challenges
https://picoctf.org/discord
https://twitter.com/picoctf

↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run

↢Chapters↣
Start: 0:00
On Includes: 1:02
Inspect HTML: 1:43
Local Authority: 2:00
Search Source: 2:57
Forbidden Paths: 4:00
Power Cookie: 4:45
Roboto Sans: 5:10
Secrets: 6:22
SQL Direct: 7:46
SQLiLite: 9:04
Noted: 11:09
End: 30:56

Loading comments...