My Second CTF

Challenge Description

Solution

ffuf -w wordlist_rot2.txt -u http://challenge.nahamcon.com:31297/FUZZ/ -x http://127.0.0.1:8080 -s                                                           
fgdwi  [Status: 200, Size: 48, Words: 2, Lines: 1, Duration: 289ms]

curl -iL http://challenge.nahamcon.com:31297/fgdwi/
HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 24 May 2025 13:14:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.28
 
{"status":"error","message":"Missing parameter"}

Fuzz for parameters

ffuf -w wordlist_rot2.txt -u 'http://challenge.nahamcon.com:31297/fgdwi/?FUZZ=' -x http://127.0.0.1:8080 -fs 48
 
eqphkto [Status: 200, Size: 49, Words: 1, Lines: 1, Duration: 289ms]

curl -iL 'http://challenge.nahamcon.com:31297/fgdwi/?eqphkto='
HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 24 May 2025 13:18:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.28
 
{"flag":"flag{9078bae810c524673a331aeb58fb0ebc}"}

Checkout:

event	NahamCon25
category	WEB
author	haashish
tags	rot

0xSolves

Recent Writeups

My First CTF

My Second CTF

My Third CTF

The Best Butler

Free Flags

Recent Events

NahamCon25

SwampCTF25

My Second CTF

Solution

Graph View

Table of Contents

Backlinks

Recent Writeups

Recent Events

My Second CTF

Solution

Related

Graph View

Table of Contents

Backlinks