nullCon CTF 2023

Web 🌐

TYpical Boss

In this challenge, it was noticeable that if you accessed the main directory ‘/’ of the challenge’s website, the web server would render all the files and directories present on the page (including a file named database.db, which was an SQLite database). As soon as I found this file, I analyzed its contents until I discovered the hashed password of the admin. This hash (in SHA-1) started with a very famous prefix known for its vulnerabilities in PHP, namely 0e. In fact, the password would be interpreted by PHP as a number, specifically 0. The only way I had to bypass the login was to find a SHA-1 hash that also started with 0e. This is one useful repository with a lot of these hashes: Repository ...

May 28, 2024 · 8 min · 1685 words · AlBovo
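The comparison behaviour described in the excerpt above, shown next to a hardened check and an audit helper for stored digests. This is an added example, not code from the original write-up or from the challenge; the function names are hypothetical and both digests are constructed sample values, not the hash of any real password.

```php
<?php
declare(strict_types=1);

// Constructed 40-character values shaped like SHA-1 hex digests:
// "0e" followed only by decimal digits. Not digests of real passwords.
const STORED_DIGEST   = '0e12345678901234567890123456789012345678';
const SUPPLIED_DIGEST = '0e98765432109876543210987654321098765432';

// Loose comparison (the weak form): when both operands are numeric strings,
// PHP compares them as numbers. "0e<digits>" parses as 0 * 10^n, so two
// different digests of this shape both evaluate to 0 and compare equal.
function loose_check(string $stored, string $computed): bool
{
    return $stored == $computed;
}

// Hardened form: hash_equals() compares the strings byte for byte in
// constant time and never converts them to numbers.
function strict_check(string $stored, string $computed): bool
{
    return hash_equals($stored, $computed);
}

// Audit helper: flags a stored hex digest that PHP would treat as the
// number zero in a loose comparison (only zeros, then "e", then digits).
function is_juggling_prone(string $hexDigest): bool
{
    return preg_match('/^0+e[0-9]+$/i', $hexDigest) === 1;
}

// A digest containing hex letters after the prefix is not a numeric string,
// so it is compared as text even by the loose operator (constructed value).
const ORDINARY_DIGEST = '0e1234abcd901234567890123456789012345678';

echo 'loose, two different 0e digests:  ';
var_dump(loose_check(STORED_DIGEST, SUPPLIED_DIGEST));
echo 'strict, two different 0e digests: ';
var_dump(strict_check(STORED_DIGEST, SUPPLIED_DIGEST));
echo 'audit, all-digit 0e digest:       ';
var_dump(is_juggling_prone(STORED_DIGEST));
echo 'audit, digest with hex letters:   ';
var_dump(is_juggling_prone(ORDINARY_DIGEST));
```

Replacing `==` with `hash_equals()` (or `===`) in the login check removes the numeric interpretation entirely, and storing passwords with `password_hash()` / `password_verify()` avoids comparing raw SHA-1 digests at all.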