
Postbook CTF Walkthrough

Hacker101 ctf.


I’m Mercedez aka WalkingEclipse, a cybersecurity graduate with a B.S. in Cybersecurity and a minor in Penetration Testing. I just earned my Security+ certification and am paving my way into the field by further expanding my knowledge and technical skills. Follow my journey as I share what I’m learning, the projects I tackle, and the cybersecurity challenges I conquer along the way!

Flag 0

Hints:

  • The person with username “user” has a very easy password.

Click on Sign In

Input the following:

Username: user

Password: < I think you can guess it >

Once you’ve successfully logged in, you will capture your first FLAG!


Flag 1

Hints:

  • Try viewing your own post and then see if you can change ID.

To capture this flag we have to try to view another user’s post.

This can be done by clicking on one of the posts to view it. Then change the ID # on the URL path and press Enter.

Tip: Go lower

You captured another FLAG!


Flag 2

Hints:

  • You should definitely use “Inspect Element” on the form when creating a new post.

On the Home page we need to inspect the What’s on your mind? field.

Look for the user_id and change the value.

Write something to post and click on Create post.

Now, you have captured the FLAG.


Flag 3

Hints:

  • 189*5

This flag really works our critical thinking and problem-solving skills.

Find the product of this multiplication.

Then insert the product inside the URL path.

You have captured the FLAG!


Flag 4

Hints:

  • You can edit your own posts. What about someone else’s?

Right now we have user access and the only post we can see that does not belong to user is the one posted by admin.

So, let’s attempt to edit an admin post.

Click on one of your posts to edit it. Then, in the URL path, change the ID number.

Tip: Go lower.

It should take you to the admin’s post where you can edit. I suggest you add “EDITED” on the title so you can see the difference.

Click on Save post.

You’ve captured another FLAG!
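Flags 1, 2 and 4 all come from the same defect: the application acts on whatever post ID is in the URL, or whatever user_id is in a hidden form field, without asking whether the logged-in user owns that object. The following is an added example, not Postbook's own code; the two users, the post store and the function names are constructed for illustration. It places handlers that trust the browser's input beside handlers that take the acting user from the server-side session and check ownership before touching the object.

```python
"""Object-level authorization for a Postbook-style post store.

Constructed example: users, posts and function names are assumptions made
for illustration, not the real Postbook implementation.
"""
from dataclasses import dataclass, field
from typing import Dict

ADMIN_ID, USER_ID = 1, 2  # constructed user IDs


class Forbidden(Exception):
    """Raised when a user tries to act on an object they do not own."""


@dataclass
class Post:
    post_id: int
    owner_id: int
    title: str
    body: str


@dataclass
class PostStore:
    posts: Dict[int, Post] = field(default_factory=dict)
    next_id: int = 1

    def add(self, owner_id: int, title: str, body: str) -> Post:
        post = Post(self.next_id, owner_id, title, body)
        self.posts[post.post_id] = post
        self.next_id += 1
        return post


def seed_store() -> PostStore:
    """Constructed data: post 1 belongs to admin, post 2 to user."""
    store = PostStore()
    store.add(ADMIN_ID, "Welcome", "admin's post")
    store.add(USER_ID, "Hello", "user's post")
    return store


# --- Vulnerable handlers: the only input consulted is what the browser sent --

def edit_post_vulnerable(store: PostStore, post_id: int, new_title: str) -> Post:
    # Whoever changes the ID in the URL edits that post; nobody checks who they are.
    post = store.posts[post_id]
    post.title = new_title
    return post


def create_post_vulnerable(store: PostStore, form: dict) -> Post:
    # Trusts the hidden user_id field, so changing it in the inspector
    # creates a post as a different user.
    return store.add(int(form["user_id"]), form["title"], form["body"])


# --- Hardened handlers: identity comes from the session, ownership is checked -

def get_owned_post(store: PostStore, session_user_id: int, post_id: int) -> Post:
    """Return the post only if it exists and belongs to the session's user.

    A missing post and someone else's post get the same response, so the
    ID space cannot be used to learn which objects exist.
    """
    post = store.posts.get(post_id)
    if post is None or post.owner_id != session_user_id:
        raise Forbidden(f"user {session_user_id} may not access post {post_id}")
    return post


def edit_post_secure(store: PostStore, session_user_id: int, post_id: int, new_title: str) -> Post:
    post = get_owned_post(store, session_user_id, post_id)
    post.title = new_title
    return post


def create_post_secure(store: PostStore, session_user_id: int, form: dict) -> Post:
    # The owner is the logged-in user; a user_id in the form is ignored.
    return store.add(session_user_id, form["title"], form["body"])


def demo() -> dict:
    """Run both versions as the ordinary user and report what happened."""
    weak = seed_store()
    edit_post_vulnerable(weak, 1, "EDITED")  # user rewrote admin's title
    forged = create_post_vulnerable(weak, {"user_id": "1", "title": "t", "body": "b"})

    hard = seed_store()
    try:
        edit_post_secure(hard, USER_ID, 1, "EDITED")
        blocked = False
    except Forbidden:
        blocked = True
    honest = create_post_secure(hard, USER_ID, {"user_id": "1", "title": "t", "body": "b"})

    return {
        "weak_admin_title": weak.posts[1].title,  # "EDITED"
        "weak_forged_owner": forged.owner_id,     # 1, the admin
        "hard_edit_blocked": blocked,             # True
        "hard_admin_title": hard.posts[1].title,  # "Welcome", unchanged
        "hard_post_owner": honest.owner_id,       # 2, the real author
    }
```

The hardened handlers never read an identity from the request; the session decides who is acting, and `get_owned_post` is the single place where ownership is enforced, so every edit or delete route goes through the same check.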


Flag 5

Hints:

  • The cookie allows you to stay signed in. Can you figure out how they work so you can sign in to user with ID 1?

To capture this flag we need to look for our cookie ID.

On the Home page right-click and Inspect.

Click on the Storage tab > look for Cookies > look for ID.

Click > copy the value.

Find an MD5 hash and lookup tool (usually labelled "encrypt/decrypt") by doing a quick Google search.

First, look up the cookie value to see which number it hashes to. This shows you which user you are.

The admin must have ID 1.

So, now hash the number 1 to obtain its MD5 value.

Copy the MD5 hash of 1 and paste it into the cookie table, replacing the current value of ID.

Refresh the page.

FLAG 5 is now captured!


Flag 6

Hints:

  • Deleting a post seems to take an ID that is not a number. Can you figure out what it is?

We have admin access now, so we must delete one of the user's posts.

  1. View one of the user's posts. Note the post ID number.

  2. Hover over the delete button for one of the admin's posts > right click > Inspect > find the delete hash ID.

  3. Go back to the MD5 hashing tool and generate the hash for the user's post ID number.

  4. Copy it > paste it into the delete hash ID field.

Now click the Delete button you inspected.

The FLAG should appear!
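Flags 5 and 6 work because the application derives its "secret" values from public ones: the session cookie is MD5 of the user ID, and the delete link carries MD5 of the post ID. MD5 has no key, so anyone who knows the scheme can compute the value for any ID. The following is an added example, not Postbook's code; the user table, secret key and class names are constructed. It contrasts the MD5-of-ID cookie with an HMAC-signed cookie, where minting a token for another ID requires the server's secret. The same lesson covers the delete hash of Flag 6: a harder-to-guess identifier is not the fix there, the server-side ownership check is.

```python
"""Session cookies: MD5 of a user ID versus an HMAC-signed token.

Constructed example (not Postbook's code): the USERS table, the secret and
the class names are assumptions made for illustration.
"""
import hashlib
import hmac
import secrets
from typing import Optional

USERS = {1: "admin", 2: "user"}  # constructed user table


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


class Md5IdSession:
    """Weak scheme: cookie = MD5(user_id).

    There is no server secret in the computation, so the cookie for any ID
    can be produced by anyone who recognises the pattern.
    """

    def issue(self, user_id: int) -> str:
        return md5_hex(str(user_id))

    def resolve(self, cookie: str) -> Optional[int]:
        # The server recovers the user by matching the hash of each known ID.
        for user_id in USERS:
            if hmac.compare_digest(self.issue(user_id), cookie):
                return user_id
        return None


class SignedSession:
    """Hardened scheme: cookie = "<user_id>.<HMAC-SHA256(secret, user_id)>".

    The ID is still readable, but changing it invalidates the tag, and the tag
    cannot be recomputed without the secret held only by the server.
    """

    def __init__(self, secret: bytes):
        self._secret = secret

    def _tag(self, user_id: int) -> str:
        return hmac.new(self._secret, str(user_id).encode(), hashlib.sha256).hexdigest()

    def issue(self, user_id: int) -> str:
        return f"{user_id}.{self._tag(user_id)}"

    def resolve(self, cookie: str) -> Optional[int]:
        try:
            uid_text, tag = cookie.split(".", 1)
            user_id = int(uid_text)
        except ValueError:
            return None  # malformed cookie
        # compare_digest keeps the check constant-time regardless of where the mismatch is
        if user_id not in USERS or not hmac.compare_digest(self._tag(user_id), tag):
            return None
        return user_id


def demo() -> tuple:
    """Present the MD5 of "1" to both schemes and return what each resolves."""
    forged = md5_hex("1")  # the value the walkthrough pastes into the cookie table
    weak = Md5IdSession()
    signed = SignedSession(secrets.token_bytes(32))  # fresh server secret
    return (
        weak.resolve(forged),                 # 1: accepted as admin
        signed.resolve(forged),               # None: not even well-formed
        signed.resolve("1." + "0" * 64),      # None: bad tag for ID 1
    )
```

A signed cookie still reveals the user ID and has no expiry; a production session layer would either add an expiry to the signed payload or use an opaque random token (`secrets.token_urlsafe`) looked up in a server-side table. Either way, the property that matters is the one the MD5 cookie lacks: the client cannot construct a value the server will accept without material it does not have.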
