ig-ctf-solutions/write-ups-challenges-2020-2021
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
aa29972bc1
write-ups-challenges-2020-2021/break_the_gate/README.md
Robbe De Greef 9dee21c349 initial commit
2022-11-24 18:03:20 +01:00

1.0 KiB
Raw Blame History

Break The Gate (1-5)

Description

Different for each challenge

Deployment

Place on server, write-protect secret-database.db

Difficulty

Easy

Solution

Per challenge, after a succesful login a cookie with the flag will apear.

  1. Login details are as comment in the html
  2. Login details are in a JavaScript dictionary calles userDb. In console you can print this variable, or you can open script/ssdb.js.
  3. An sql-injection will get you in. Example: " OR 1=1; as password
  4. As there are only 1000 possible combination, brute-force should go pretty fast. You can write a simple Pythin-program that sends request to [challenge-url]/4.php?try=[0->999] and compare results. (Correct code was 732)
  5. The login details were send over http, meaning they were in plain text in the pcap file (open the pcap file and check the last packet)

Flag

  • IGCTF{ThatWasNotSoHard}
  • IGCTF{StopHackingMySitePrettyPlease}
  • IGCTF{AllHailOurLordAndSaviourPHP}
  • IGCTF{I_may_have_made_this_challenge_last_night}
  • IGCTF{KgonnaGoToSleepnow_Bye}