Dragon CTF 2020 Scratchpad

Scratchpad is Web challenge implementing a simple note taking application where you can authenticate, register, create/delete/edit and report a note composed of a title and a description. The application source code is available here: sources Reporting a note will make the admin authenticate with his credentials and consume the note with a firefox browser: const driver = new Builder() .forBrowser("firefox") .setFirefoxOptions( new firefox.Options() .headless() .setAlertBehavior(UserPromptHandler.DISMISS) as firefox.Options ) .build(); try { console.
Read full post

ByteBandits 2020 Notes App

For this task, a very simple Python application and its source code is provided. Sources Analysis The application let us register, login, submit a link and edit a single field “note” that will be displayed on /profile. The application code is pretty straightforward and allows us to insert markdown on our own profile page. The python code responsible for markdown rendering (md2html) is the following: @app.route("/update_notes", methods=["POST"]) @login_required def update_notes(): # markdown support!
Read full post