History

Robbe De Greef 9dee21c349 initial commit		2022-11-24 18:03:20 +01:00
..
css	initial commit	2022-11-24 18:03:20 +01:00
img	initial commit	2022-11-24 18:03:20 +01:00
script	initial commit	2022-11-24 18:03:20 +01:00
1.php	initial commit	2022-11-24 18:03:20 +01:00
2.php	initial commit	2022-11-24 18:03:20 +01:00
3.php	initial commit	2022-11-24 18:03:20 +01:00
4.php	initial commit	2022-11-24 18:03:20 +01:00
5.php	initial commit	2022-11-24 18:03:20 +01:00
authenticateLevel.php	initial commit	2022-11-24 18:03:20 +01:00
final.php	initial commit	2022-11-24 18:03:20 +01:00
flags.php	initial commit	2022-11-24 18:03:20 +01:00
index.php	initial commit	2022-11-24 18:03:20 +01:00
README.md	initial commit	2022-11-24 18:03:20 +01:00
secretDataBase.db	initial commit	2022-11-24 18:03:20 +01:00

Break The Gate (1-5)

Description

Different for each challenge

Place on server, write-protect secret-database.db

Easy

Per challenge, after a succesful login a cookie with the flag will apear.

Login details are as comment in the html
Login details are in a JavaScript dictionary calles userDb. In console you can print this variable, or you can open script/ssdb.js.
An sql-injection will get you in. Example: " OR 1=1; as password
As there are only 1000 possible combination, brute-force should go pretty fast. You can write a simple Pythin-program that sends request to [challenge-url]/4.php?try=[0->999] and compare results. (Correct code was 732)
The login details were send over http, meaning they were in plain text in the pcap file (open the pcap file and check the last packet)