Hey, what's going on everybody? My name is John Hammond. Welcome back to the YouTube video. We're still looking at the Junior CTF capture the flag competition that went on this weekend. This time I wanted to showcase the Voting challenge, which was a 500-point web scripting challenge. And the way that I saw this was, like, kind of cheap, kind of cheating. I didn't actually end up doing a whole lot of web scripting. I didn't end up doing really any technical stuff. I was just kind of clever in the way that I was thinking about how myself and how other people work.

So the challenge from here is just some characters from Gravity Falls running with the mayor, or, like, running for mayor or whatever, and before anyone can enter the pre-election headquarters... Anyone can enter the pre-election headquarters, but you also need to get some votes. So, yeah, it would give you this login page, and initially, the first time you probably enter, you don't have a login, so you can register one, an account. And I've just been registering some random things, so I'd, like, copy and paste my username and password and just fill out the fields like that.

And there was a captcha that you could play with, and you could even automate the captcha. If you entered it, you'd notice that it would include the captcha in the redirection, or the GET request that you get back, if you created a username that was already taken. And I'm assuming that's how it was probably intended to be solved, because you could automate, like, creating accounts, because you could just be able to see what the captcha was and fill it out, like, automatically. You can program that if you wanted to.

I keep getting this weird error. I honestly don't know why. I can't tell if they have run out of people or run out of, like, ID numbers they can use for each individual. So whatever.
I'll just try and log in with an account I created earlier: BIM, and BIM again. I had the same username and password because I was just trying to quickly run through that field.

So then I saw, that was interesting: once you're logged in, you're told you have negative one votes and you can vote negative one times. But individuals who have more than 250 votes will receive some interesting things from Bill. So our goal is to get more than 250 votes. I mean, I guess that's how we can get the flag.

So I saw some interesting things. Some people already have all of these votes, and I'm looking at their names, and I'm like, I wonder if anyone had just run through the form like I had and literally would just copy and paste the username into the password field. So I look for, like, simple and unique, like, simple and really easy usernames, and this TTT seemed interesting. So I see this TTT account and I wonder, does he have the same username and password? And of course he does. So it says, hey, you have 251 votes and you can vote 251 times, check your profile because you have more than 250 votes. So you check it out and, hey, here's your flag, rainbow puke. That's it. That was literally it.

So again, just some thinking. I didn't do any, like, web scripting or any technical stuff. I just kind of thought, well, people have already solved this challenge, and somehow, I admittedly still don't even know how. I don't know the intended solution of this challenge. But if they have those votes and they just have a really simple username and password I can log in with, dude, that's game, right? I just get the flag. A flag is a flag.

So probably a little cheap. But I just wonder how many of these accounts have the same username and password that you could just log in as, because it's the same thing, and see if you can get their things. Again, yep, a a a, because that's probably just copy and pasted. K1 looks like he has 251 votes, more than the 250 that we need. k1, k1.
Okay, that one has the wrong password. But it took me just, like, looking to see people that have, or accounts that have, more than the needed number to get a flag, and I just would log in with them under the premise they had the same username and password. So some do, some don't, but I just look for simple ones that people probably just copied and pasted, like TTT or a a a a a a a a.

So easy, not too technical of a challenge. But again, kind of cheap and kind of cheating in the way that I ended up solving it. So whatever, take it for what you will. In my opinion a flag is still a flag. And I mean, it's still some interesting and curious thought to take note of, how people probably would just copy and paste the same username and password like I would have.

So all right. Thanks for watching guys. Hope you enjoyed this one. Again, real simple, but hey, quick and easy for a few points, and I'll show off some more of the later challenges as I post more videos. So thanks for watching guys. See you later.