[WEB] Cartographer

I still can’t get through the login. I don’t understand what people mean by a simple login page bypass. I’m new to CTF. I tried dirb and found the PHP page which redirects to the main page, and a forbidden directory. What am I missing? Can someone please point me in the right direction? Thanks in advance.

@Agent22 said:

@typing said:
"Cartographer Is Still Under Construction!" True, or just some trick on the link?

Are you searching for the flag? :wink:

Yes, I am. I found the user and password already, but could not find a flag. Please help.

After reading all the comments I felt so dumb… like, how can I even miss this simple thing… Anyway, done…

I recently solved this challenge by random guessing using stuff I read online (whatever works, right?), but I was wondering if someone could PM me a little guidance as to how to use one of Kali’s tools to automate and speed up the process. I’ve tried a couple of them after solving it but can’t get any to work. Since I’m pretty new, I’m really making an effort to make sure I understand everything I’m doing. Thanks.

The flag is the flag. Don’t overthink.

“Cartographer Is Still Under Construction!” I don’t know what that means.

I have been stuck on this for hours now. Brute-forcing for directories does not help. How do I bypass the login?

Got this today thanks to some hints here. Careful, one of them is misleading.
This challenge is a two-part TEXTBOOK example of the exploit. Great job.

As people have said, get your practice in with basic ways to bypass that login.

Good luck!

@CrossHeart963 I sent you a PM. Still stuck on this. I can’t get past the login page using dirb and parameter fuzzing.

@AviShabat said:

@svabo said:
Hi all, I am about to throw this laptop through the window :expressionless:
Kinda new to CTF stuff and have tried numerous things to no avail.
Tried dirb index.php?user/page={wordlist}, tried the obvious …php?auth=1 etc. Tried force browsing directories.
I’m sure it’s either staring me in the face or I’m on the wrong path.
Anyone willing to PM me some hints (not solutions) would be much appreciated.
Cheers

The obvious?
You haven’t tried the completely obvious.
What is the thing you are looking for?

Just solved this. Now laughing at myself.

I did it in a matter of minutes and it felt quite underwhelming :sunglasses:

@zealsham said:
@CrossHeart963 I sent you a PM. Still stuck on this. I can’t get past the login page using dirb and parameter fuzzing.

You’re overthinking it. As you can read from other suggestions, bypassing is the key. What is the most obvious login bypass technique out there? Yes, that one. Use it. Once in, focus on what you’re looking for, the flag, and you’ll find it.
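The reply above names "the most obvious login bypass technique" without spelling it out, and a later post mentions having "one sql tool running". As an added illustration of that class of bypass (not code from this thread, and not the challenge's real source, which is not shown here), the following Python script builds a constructed in-memory SQLite users table and runs two versions of a login check against it: one that concatenates user input into the SQL string, and one that binds the input as a parameter. The payloads, the schema and the credentials are all assumptions made for the demo; the real challenge may differ.

```python
import sqlite3

# Constructed sample schema and rows for the demo (assumption: the
# challenge's actual table and credentials are not shown in the thread).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) "
        "VALUES ('admin', 's3cret'), ('guest', 'guest')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Textbook bug: user input is spliced straight into the SQL text,
    so quote characters and comment markers in the input become SQL."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened form: the same query with bound parameters. The driver
    passes the input as data, so it is never parsed as SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two classic bypass payloads (assumed for the demo, not taken from the thread).
# The first closes the username string and comments out the password check;
# the second closes the password string and appends an always-true clause.
BYPASS_USER = "admin' -- "
BYPASS_PASS = "' OR '1'='1"


def demo():
    """Run both login functions against both payloads and a valid login."""
    conn = make_db()
    return {
        "vuln_comment": login_vulnerable(conn, BYPASS_USER, "anything"),
        "vuln_tautology": login_vulnerable(conn, "x", BYPASS_PASS),
        "safe_comment": login_safe(conn, BYPASS_USER, "anything"),
        "safe_tautology": login_safe(conn, "x", BYPASS_PASS),
        "safe_real": login_safe(conn, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query, both payloads return the `admin` row without knowing the password (the tautology case matches because `AND` binds tighter than `OR`, so the trailing `'1'='1'` makes the whole `WHERE` true). With bound parameters, the same inputs are simply compared as literal strings and the login fails, while the genuine credentials still work.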

Honestly, really overthought it… But it was easy to have one SQL tool running.

Hi, I’ve found username and password values but when I log in it says: Cartographer Is Still Under Construction!

Any hint on how to continue? I’m a little bit lost…

Hi support (hehehe)

I found the session hash and a couple of PHP pages (one is *****.php and the other a long, long name about not being there); the status dir is also known (without permissions). I tried several fuzzy changes (logical and not so logical), SQLi (full cheat sheet) and even brute force… I noticed that only one PHP page injects a cookie, and now I’m trying to use that cookie on another path… Without success…

I have owned a couple of servers and this is my second challenge; before, step by step, I was able to accomplish it, but this is driving me nuts.

Sorry if there is something wrong with my comment, it’s my first day.

I feel like a dummy because I can’t seem to figure this out. I don’t think I have even bypassed the login; I did find one .php file URL of interest, but that’s about it. Anyone want to PM me and give me a nod in the right direction? I feel very lost here, and people here say it’s supposed to be quite simple? :stuck_out_tongue:

It’s very simple, and yes, it makes you feel like ■■■■ when everyone is saying it’s simple and you can’t get around it.

Feel free to pm me, I’ll try making some riddles :slight_smile:

Already completed, feel free to PM me.

Took me 2 minutes to get this one.

@Afolic said:
Okay, easy way out: after bypassing the login, think of what you are looking for in the page, then try playing with the URL.

Awesome hint.