Task 1 - Introduction
Q1. Deploy the target VM attached to this task by pressing the green Start Machine button. We will use the machine's generated IP address later in the room.
No Answer Needed
Task 2 - Understanding SOP
Q1. What policy instructs web browsers how they should interact between web pages?
Learn more about Same Origin Policy - SOP
Answer: Same-origin Policy
Task 3 - Understanding CORS
Q1. What HTTP header specifies which origins are allowed to access the resources hosted on its server?
Learn more about Cross-Origin-Resource-Sharing (CORS)
Answer: Access-Control-Allow-Origin
Task 4 - ACAO in depth
Q1. What origin configuration permits requests from any origin, is the least secure configuration, and should be used cautiously?
Answer: Wildcard Origin
Task 5 - Common Misconfigurations
Q1. What CORS misconfiguration occurs when a server accepts requests from the "null" origin?
Answer: Null Origin Misconfiguration
Task 6 - Lab Connection
Q1. I've modified my hosts file.
No Answer Needed
Task 7 - Arbitrary Origin
Q1. What is the flag from arbitrary.php?
No Answer Needed
Task 8 - Bad Regex in Origin
Q1. What is the flag from badregex.php?
No Answer Needed
Task 9 - Null Origin
Q1. What is the flag from null.php?
No Answer Needed
Task 10 - Conclusion
Q1. I can now exploit CORS and SOP-related vulnerabilities!
No Answer Needed