Writeup for Logs in! Part 1

Category: Web
Author: Tom

Logs In! Part 1 was a challenge that made up the 2020 SharkyCTF CTF. We're given a link that sends us to a website build in PHP with the Symfony framework. How do I know this? They left the devtools on (notice the toolbar at the bottom).


If we hover over the @ app_main_index button, we get a small menu with a link to the main controller script that powers the page. Clicking on the link shows us the page source, where we can see a set of routes defined, two of which lead to the admin panel.


Going to the debug section of the admin panel yields the flag.