codys blog flag1

Author: testert1ng

README.md

@@ -11,7 +11,7 @@
 | Trivial (1 / flag)  | [A little something to get you started][2] | Web    | 1 / 1      |
 | Easy (2 / flag)     | [Micro-CMS v1][3]                          | Web    | 4 / 4      |
 | Moderate (3 / flag) | [Micro-CMS v2][5]                          | Web    | 3 / 3      |
-| Moderate (5 / flag) | [Cody's First Blog][8]                     | Web    | 1 / 3      |
+| Moderate (5 / flag) | [Cody's First Blog][8]                     | Web    | 2 / 3      |
 | Easy (4 / flag)     | [Postbook][6]                              | Web    | 7 / 7      |
 | Easy (3 / flag)     | [Petshop Pro][7]                           | Web    | 3 / 3      |
 | Moderate (5 / flag) | [TempImage][4]                             | Web    | 2 / 2      |

codys_first_blog/README.md

@@ -6,6 +6,10 @@
 - Figuring out what platform this is running on may give you some ideas
 - Code injection usually doesn't work
 
-## [Flag1](./flag1) -- Not Found
+## [Flag1](./flag1) -- Found
+
+- Make sure you check everything you're provided
+- Unused code can often lead to information you wouldn't otherwise get
+- Simple guessing might help you out
 
 ## [Flag2](./flag2) -- Not Found

codys_first_blog/flag1/README.md

@@ -0,0 +1,27 @@
+# Cody's First Blog - FLAG1
+
+## 0x00 Home
+
+![](..flag0/imgs/home.jpg)
+
+## 0x01 Check the Source
+
+Press **F12** to check the source.
+
+![](./imgs/source.jpg)
+
+An admin login address shows up.
+
+## 0x02 Visit Admin Page
+
+http://127.0.0.1/xxxxxxxxxx/?page=admin.auth.inc
+
+![](./imgs/admin.jpg)
+
+## 0x03 FLAG
+
+Try remove **auth** from the url.
+
+http://127.0.0.1/xxxxxxxxxx/?page=admin.inc
+
+![](./imgs/flag.jpg)