[WEB] Cartographer

Hint: after bypassing the login, go for the place that you are looking for, literally!

nice challenge :slight_smile:

Tip on people already f*****g this box and not getting it: it’s not in “common” wordlists you’re probably trying, because this is a CTF machine and not real world-- it’s not there. But you’re on the right track.

Definitely overthought this one once I was in there. LOL!

@Agent22 said:

@typing said:
"Cartographer Is Still Under Construction!" True or just some tricks on the link?

Are you searching flag ? :wink:

hahaha wow that was quite the nudge!

bang! banging bang! my bang! head bang! against bang! a bang! wall.

It was that simple

so simple, yet deceptively hard… clever

Facepalmed myself so hard when I got it. But it’s sooo simple…

It was simple and that’s an example that the tools aren’t always the best way. It’s better to understand the concept…

So, question and hopefully not a spoiler; but why did webpage enumeration tools like dirb and dirbuster not produce results that would have helped sufficiently? I got the flag, so I don’t need hints to find it - just trying to understand the challenge better.

Simple, but I wasted a lot of time since I thought the database error was part of the challenge. (it’s not, need to restart the instance)

Is Cartographer working? When I try to do anything with the login I get this error: Database Error: No such file or directory

My initial thought would be to fuzz the parameter’s value, however the server response of 302 didn’t seem to provide the needed output. Anyone have a tool that could have found this value instead of just guessing or people telling them what the value is?

I went into a rabbit hole of dumping a database, on a plus side I know a real user name and password, but it was slooow. Awesome challenge.

The things I thought of at first as the simplest possible login bypass weren’t working, so I initially wrote them off, but turns out the very first thing I tried was right all along. Try doing what your first thought is in a slightly different way.

Easy challenge

@RichSphinx said:

Is Cartographer working? When I try to do anything with the login I get this error: Database Error: No such file or directory

Any news on that? Because I am getting the same thing now and I am positive that when I initially started the challenge this was not the case.

Could anyone please confirm that “Database Error: Permission denied” is the expected login failed message? It looks like a server down, in that case I will open a support ticket.

@shaggyz said:

Could anyone please confirm that “Database Error: Permission denied” is the expected login failed message? It looks like a server down, in that case I will open a support ticket.

This is occurring for me too. No matter what I enter it comes with the same response.

I get the same problem… I don’t think it’s part of the challenge