2022-11-24 17:03:20 +00:00
# Break The Gate (1-5)
## Description
Different for each challenge
## Deployment
Place on server, write-protect `secret-database.db`
## Difficulty
*Easy*
## Solution
For each challenge, a cookie containing the flag appears after a successful login.
1. The login details are in a comment in the HTML.
2. The login details are in a JavaScript dictionary called `userDb`. You can print this variable in the console, or open `script/ssdb.js`.
3. An SQL injection will get you in. Example: `" OR 1=1;` as the password.
4. As there are only 1000 possible combinations, brute-forcing goes quickly. You can write a simple Python program that sends requests to [challenge-url]/4.php?try=[0->999] and compares the results. (The correct code was 732.)
5. The login details were sent over HTTP, meaning they were in plain text in the pcap file (open the pcap file and check the last packet).
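
Challenge 4 falls because nothing limits how often the code check can be called. The sketch below is an added example, not the challenge's own source: it models the check in-process and compares a sequential sweep with and without a per-client failure cap. `ThrottledGate`, `MAX_FAILURES`, the client identifier and the unpadded code format are assumptions.

```python
import hmac

KEY_SPACE = 1000     # codes 0..999, as in challenge 4
SECRET_CODE = "732"  # correct code given in the write-up
MAX_FAILURES = 5     # assumed policy, not from the challenge


def check_code(guess: str) -> bool:
    """Unthrottled comparison, as the brute-force relies on."""
    return hmac.compare_digest(guess.encode(), SECRET_CODE.encode())


class ThrottledGate:
    """Same check with a per-client cap on wrong guesses (hypothetical)."""

    def __init__(self, max_failures: int = MAX_FAILURES):
        self.max_failures = max_failures
        self.failures = {}  # client id -> consecutive wrong guesses

    def attempt(self, client: str, guess: str) -> str:
        if self.failures.get(client, 0) >= self.max_failures:
            return "locked"  # refuse before comparing anything
        if check_code(guess):
            self.failures.pop(client, None)
            return "ok"
        self.failures[client] = self.failures.get(client, 0) + 1
        return "denied"


def requests_needed_unthrottled() -> int:
    """Requests a sequential 0..999 sweep makes before the check passes."""
    for n, guess in enumerate(range(KEY_SPACE), start=1):
        if check_code(str(guess)):
            return n
    return -1


def sweep_against_gate(gate, client):
    """Run the same sweep against the gate: (guesses compared, solved)."""
    compared = 0
    for guess in range(KEY_SPACE):
        result = gate.attempt(client, str(guess))
        if result == "locked":
            return compared, False
        compared += 1
        if result == "ok":
            return compared, True
    return compared, False
```

A real deployment would also need the counter to expire and to persist across requests, which this in-memory model leaves out.
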
## Flag
* IGCTF{ThatWasNotSoHard}
* IGCTF{StopHackingMySitePrettyPlease}
* IGCTF{AllHailOurLordAndSaviourPHP}
* IGCTF{I_may_have_made_this_challenge_last_night}
* IGCTF{KgonnaGoToSleepnow_Bye}