Hackcon 2017

When following the link, a login page is provided which asks for username and password.

When we try to submit a random username and password, it shows

As the question says that gedit is being used, I searched for any temporary files used by gedit.
Apparently the temporary file of gedit is <filename>~, i.e. the name of the file followed by a “~” sign. From the URL, we can see that the PHP file is “checker.php”.
Therefore the temporary file should be “checker.php~”. When we try to access that file, we get the checker.php file.

It is clearly a string comparison vulnerability. Therefore when given input as:
username = 0
password = 0e1

When following the link, we are provided with another login page

After several tries of SQL injection, XSS and other attacks, I decided to take a look at the cookies. But there are no cookies on the page. Maybe the cookies had expired!!
So I used “curl” with the -I option to get cookies, if there are any, as the page loads.

We get a total of 438 cookies. As we can see, the Set-Cookie parameter contains the characters:
. - + %2B %3C %3E %5D

When URL-decoded, the characters are: . - + [ ] < >

Clearly, these are the characters of brainfuck. So after combining all decoded cookies we get a brainfuck message. When decoded, we get the following message:
username: abERsdhw password: HHealskdwwpr
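
The decoding steps above, as an added Python example that is not part of the original write-up: it pulls the Set-Cookie values out of `curl -I` output, URL-decodes and concatenates them, then interprets the result as Brainfuck. The headers are a constructed three-cookie sample that decodes to "hi"; the cookie name `c` and the `name=value` layout are assumptions, since the page does not show the raw headers.

```python
from urllib.parse import unquote

# Constructed `curl -I` output; cookie name "c" and name=value layout are assumed.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Set-Cookie: c=%2B%2B%2B%2B%2B%2B%2B%2B%5B%3E%2B%2B%2B%2B
Set-Cookie: c=%2B%2B%2B%2B%2B%2B%2B%2B%2B%3C-%5D%3E.; Path=/
Set-Cookie: c=+.
"""

def extract_program(raw_headers):
    """Concatenate the URL-decoded values of every Set-Cookie header, in order."""
    parts = []
    for line in raw_headers.splitlines():
        name, _, rest = line.partition(":")
        if name.strip().lower() == "set-cookie":
            # Drop attributes such as Path, then keep what follows "name=".
            value = rest.split(";", 1)[0].partition("=")[2].strip()
            # unquote, not unquote_plus: a literal "+" is a Brainfuck instruction.
            parts.append(unquote(value))
    return "".join(parts)

def run_brainfuck(program, max_steps=1_000_000):
    """Interpret a Brainfuck program without input (",") and return its output."""
    code = [c for c in program if c in "+-<>[]."]
    jumps, stack = {}, []
    for i, c in enumerate(code):              # pair up the brackets first
        if c == "[":
            stack.append(i)
        elif c == "]":
            if not stack:
                raise ValueError("unbalanced ']'")
            j = stack.pop()
            jumps[i], jumps[j] = j, i
    if stack:
        raise ValueError("unbalanced '['")
    tape, ptr, pc, out = [0] * 30000, 0, 0, []
    for _ in range(max_steps):                # step limit bounds runaway loops
        if pc >= len(code):
            return "".join(out)
        c = code[pc]
        if c in "+-":
            tape[ptr] = (tape[ptr] + (1 if c == "+" else -1)) % 256
        elif c in "<>":
            ptr = (ptr + (1 if c == ">" else -1)) % len(tape)
        elif c == ".":
            out.append(chr(tape[ptr]))
        elif (c == "[") == (tape[ptr] == 0):  # "[" on zero or "]" on non-zero
            pc = jumps[pc]
        pc += 1
    raise RuntimeError("step limit exceeded")
```

Calling `run_brainfuck(extract_program(SAMPLE_HEADERS))` on the constructed sample returns `hi`.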

I hate JS, I seriously do. It is a mess.

The task provided us with a zip file named ihatejs.js.zip. When we unzip the file, we find a JS file named ihatejs.js.

The file contained a lot of JS code.
I simply copied all the JS code and pasted it into the console of Google Chrome.

The flag was printed on the console (pretty easy).

The flag was: d4rk{ccjccpbsvrafrcatbpchjydiio}c0de
