Petshop Pro CTF Writeup

Posted May 25, 2024 Updated Jan 5, 2025

By Hunter Mann 1 min read

Write-up for Hacker101 CTF

Hints

Flag0

Something looks out of place with checkout
It’s always nice to get free stuff

Flag1

There must be a way to administer the app
Tools may help you find the entrypoint
Tools are also great for finding credentials

Flag2

Always test every input
Bugs don’t always appear in a plafe where the data is entered

Methodology

Lessons Learned

I learned how localhost can be used to access files on remote systems. This knowledge helped me validate that I was thinking about a couple of things in the right way, but that I just needed a little more help and information to see the full picture on what is going on under the hood on PHP servers .

Helpful Links/Articles

Include statement Information

ctf, Web Penetration Testing

This post is licensed under CC BY 4.0 by the author.