Say Cheese and Authenticate

Passwords are a thing of the past. Now with ‘Say Cheese and Authenticate’ you can allow your users to log in via a secure login page by using an image instead of a password.

I created a CTF project for the Patchstack Alliance’s Capture the Flag Event in October 2024. This involved setting up a hackable WordPress instance on Docker which could be attacked by the players looking to win a share of the generous prize funds.

This was the first CTF project I’d built, so I tried to think of an innovative plugin which was built with the objective of streamlining parts of the site, but in reality compromised the site to unauthenticated visitors.

Project Summary

I decided to build a plugin which allowed users to upload an image via a settings page, and then re-use this image when logging in (rather than logging in with their password). Sounds secure, right? Well, unfortunately it was not secure enough for the hackers, and it was the second most solved (out of 6) in the CTF event.

Rather than explain the attack scenario to solve the project, I have shared Dimas Maulina’s solve summary.

https://dimas0305.notion.site/Patchstack-Alliance-CTF-S01E01-14848583e65d80f5a51bfc90908e7e6b