testert1ng
diff --git a/Diff for: ‎README.md
+3-1 b/Diff for: ‎README.md
+3-1
diff --git a/Diff for: ‎ticketastic_live_instance/README.md
+11 b/Diff for: ‎ticketastic_live_instance/README.md
+11
diff --git a/Diff for: ‎ticketastic_live_instance/flag0/README.md
+41 b/Diff for: ‎ticketastic_live_instance/flag0/README.md
+41
diff --git a/Diff for: ‎ticketastic_live_instance/flag0/imgs/admin.jpg
8.73 KB b/Diff for: ‎ticketastic_live_instance/flag0/imgs/admin.jpg
8.73 KB
diff --git a/Diff for: ‎ticketastic_live_instance/flag0/imgs/flag.jpg
20.1 KB b/Diff for: ‎ticketastic_live_instance/flag0/imgs/flag.jpg
20.1 KB
diff --git a/Diff for: ‎ticketastic_live_instance/flag0/imgs/index.jpg
19 KB b/Diff for: ‎ticketastic_live_instance/flag0/imgs/index.jpg
19 KB
diff --git a/Diff for: ‎ticketastic_live_instance/flag0/imgs/login.jpg
7.26 KB b/Diff for: ‎ticketastic_live_instance/flag0/imgs/login.jpg
7.26 KB
diff --git a/Diff for: ‎ticketastic_live_instance/flag0/imgs/ticket.jpg
11.6 KB b/Diff for: ‎ticketastic_live_instance/flag0/imgs/ticket.jpg
11.6 KB
@@ -13,6 +13,7 @@
 | Moderate (3 / flag) | [Micro-CMS v2][5]                          | Web    | 3 / 3      |
 | Moderate (5 / flag) | [Cody's First Blog][8]                     | Web    | 3 / 3      |
 | Easy (4 / flag)     | [Postbook][6]                              | Web    | 7 / 7      |
+| Moderate (5 / flag) | [Ticketastic: Live Instance][9]            | Web    | 1 / 2      |
 | Easy (3 / flag)     | [Petshop Pro][7]                           | Web    | 3 / 3      |
 | Moderate (5 / flag) | [TempImage][4]                             | Web    | 2 / 2      |
 
@@ -23,4 +24,5 @@
 [5]: ./micro-cms_v2
 [6]: ./postbook
 [7]: ./petshop_pro
-[8]: ./codys_first_blog
+[8]: ./codys_first_blog
+[9]: ./ticketastic_live_instance
@@ -0,0 +1,11 @@
+# Ticketastic: Live Instance
+
+## [Flag0](./flag0) -- Found
+
+- This level and the Ticketastic demo instance are running the same code
+- Take a look at addUser on the demo instance
+- What is missing?
+- Humans might read these tickets and interact with them
+- Links in tickets could be interesting
+
+## [Flag1](./flag1) -- Not Found
@@ -0,0 +1,41 @@
+# Ticketastic: Live Instance - FLAG0
+
+## 0x00 Index
+
+![](./imgs/index.jpg)
+
+## 0x01 Login
+
+Tried login with admin/admin but shows **Invalid Password**.
+
+Also tried to run a wordlist against the password. Still cannot log in.
+
+![](./imgs/login.jpg)
+
+## 0x02 Submit Ticket
+
+The only thing can be done here is to submit a ticket.
+
+As there is also a **Demo Instance** abailable for looking inside of the system. 
+
+There is a CSRF can be used here which can help to crete a new account.
+
+https://localhost/newUser?username=test&password=test&password2=test
+
+So just submit a ticket with the content below.
+
+``` html
+<a href="http://localhost/newUser?username=test&password=test&password2=test">TEST</a>
+```
+
+![](./imgs/ticket.jpg)
+
+## 0x03 Login with New Account
+
+![](./imgs/admin.jpg)
+
+## 0x04 FLAG
+
+Chek the ticket for FLAG0.
+
+![](./imgs/flag.jpg)