sakouk.me

Writeups | Blog | About-adam-sakouk

2024

Alien_transmission
[388] <Forensics/>
Bro_visited_his_site
[358] <web/>
Bro_visited_his_site_2
[460] <web/>
Cult_classic_1
[343] <Crypto/>
Cult_classic_2
[864] <Crypto/>
Dizzy_fisherman
[899] <Crypto/>
Do_not_trust
[100] <web/>
Exclusively_yours
[826] <Crypto/>
Head_empty
[842] <Forensics/>
Into_the_atmosphere
[853] <osint/>
Phase_coffee_1
[296] <pwn/>
Phase_coffee_2
[487] <pwn/>
Phase_coffee_3
[655] <pwn/>
Really_special_awawawas
[917] <Crypto/>
Rev1
[748] <rev/>
Secret_engineering_roleplay
[842] <osint/>
Stalknights_1
[100] <osint/>
Stalknights_3
[632] <osint/>
Stalknights_4
[890] <osint/>
Stalknights_5
[973] <osint/>
Super_fan
[957] <osint/>
The_real_truth
[810] <Forensics/>
The_real_truth_2
[896] <Forensics/>
Vlookup_hot_singles
[100] <web/>
Vlookup_hot_singles_2
[914] <web/>
You're_based
[937] <Crypto/>

jellyCTF

Bro_visited_his_site_2 [460 pts]

Writeup author: lolmenow

Difficulty: easy

Provided files: N/A (same as first version)

Url: https://bro-visited-his-site.jellyc.tf/

Description: ok, but can you get /app/flag.txt

This is exactly the same vulnerability as the first edition of this challenge, please read that before continuing here.

Using the same payload as the last challenge, we can just modify it to read /app/flag.txt

Once done, we are presented with:

jellyCTF{rc3p1lled_t3mpl4te_1nj3ct10nmaxx3r}pilled jellyCTF{rc3p1lled_t3mpl4te_1nj3ct10nmaxx3r}maxxer

And there is our flag!

Final flag: jellyCTF{rc3p1lled_t3mpl4te_1nj3ct10nmaxx3r}