write-ups-challenges-2020-2021/break_the_gate
2022-11-24 18:03:20 +01:00
..
css initial commit 2022-11-24 18:03:20 +01:00
img initial commit 2022-11-24 18:03:20 +01:00
script initial commit 2022-11-24 18:03:20 +01:00
1.php initial commit 2022-11-24 18:03:20 +01:00
2.php initial commit 2022-11-24 18:03:20 +01:00
3.php initial commit 2022-11-24 18:03:20 +01:00
4.php initial commit 2022-11-24 18:03:20 +01:00
5.php initial commit 2022-11-24 18:03:20 +01:00
authenticateLevel.php initial commit 2022-11-24 18:03:20 +01:00
final.php initial commit 2022-11-24 18:03:20 +01:00
flags.php initial commit 2022-11-24 18:03:20 +01:00
index.php initial commit 2022-11-24 18:03:20 +01:00
README.md initial commit 2022-11-24 18:03:20 +01:00
secretDataBase.db initial commit 2022-11-24 18:03:20 +01:00

Break The Gate (1-5)

Description

Different for each challenge

Deployment

Place on server, write-protect secret-database.db

Difficulty

Easy

Solution

Per challenge, after a succesful login a cookie with the flag will apear.

  1. Login details are as comment in the html
  2. Login details are in a JavaScript dictionary calles userDb. In console you can print this variable, or you can open script/ssdb.js.
  3. An sql-injection will get you in. Example: " OR 1=1; as password
  4. As there are only 1000 possible combination, brute-force should go pretty fast. You can write a simple Pythin-program that sends request to [challenge-url]/4.php?try=[0->999] and compare results. (Correct code was 732)
  5. The login details were send over http, meaning they were in plain text in the pcap file (open the pcap file and check the last packet)

Flag

  • IGCTF{ThatWasNotSoHard}
  • IGCTF{StopHackingMySitePrettyPlease}
  • IGCTF{AllHailOurLordAndSaviourPHP}
  • IGCTF{I_may_have_made_this_challenge_last_night}
  • IGCTF{KgonnaGoToSleepnow_Bye}