Realist

Sunday 25 August 2019, 04:46  #1
Realist - Highway to shell
Rebraws
  • 1 posts

Hi, I’ve been playing this CTF and I got stuck after logging in at the webpage. I found a possible [Th1b4ud : spoil] but I can’t bypass the security, so I thought that maybe I should go for [Th1b4ud : spoil] first. There I found that the webpage asks for a passphrase and it also sets you a new cookie, so I have been trying almost all day to find the pass, fuzzing the parameter passphrase (did it with a lot of wordlists and nothing, I always get the message "Passphrase do not match"), and finally I’ve been trying a length extension attack, but also nothing...

So I’m not sure if I’m missing something, or if I should keep trying to bypass the [Th1b4ud : spoil] or keep fuzzing until I find the passphrase. If someone could give me a hint I would appreciate it, thanks!

Monday 26 August 2019, 11:43  #2
Th1b4ud
  • 1636 posts

Keep trying to bypass

Tuesday 3 December 2019, 05:57  #3
fob
  • 1 posts

Hi,

I’m starting to wonder whether the host is properly configured to be able to solve this challenge. There was another question about the X.509 certificate that isn’t actually solved and it’s possible to self-XSS, but there doesn’t seem to be a way to introspect properly on this one.

Th1b4ud, can you confirm it’s solvable as is?

Thanks

Tuesday 3 December 2019, 18:17  #4
Th1b4ud
  • 1636 posts

No, you are on the wrong way