Points: 600
Web Exploitation
There is a website running at http://2018shell1.picoctf.com:19054 (link). We need to get into any user for a flag!
Try looking past the typical vulnerabilities. Think about possible programming mistakes.
going to the site, upon inspection, we notice a comment stating
<!--Proudly maintained by lum-->
assuming that the user has an account, we can then attempt to rest the password. we will be asked a few questions, to find the answer, i just did a simple google search for the popular answers
What is your favourite car make
What is your favourite food?
What is your favourite color? white
What is your favourite superhero? thor
using that, we can gain access and change the password and proceed to login
picoCTF{i_thought_i_could_remember_those_cb4afc2a}