หน้าเว็บ

วันจันทร์ที่ 5 กันยายน พ.ศ. 2559

MMA CTF 2nd 2016: Get the admin password! (Web) Write-up

Descriptions:
Get the admin password!
http://gap.chal.ctf.westerns.tokyo/

You can use test:test
Solution: 

1. Try to inject in user/password field such as SQL Injection it not show more information.


2. Fuzzing via BurpSuite Pro with Simple list: Fuzzing - SQL Injection by user=admin&password=[Fuzz]. and get some different length.


3. Using Google to search with keyword that we have and found the backend database is MongoDB


4. Try MongoDB Injection with user=admin&password[$ne]=1, and successfull to login as admin!


5. This challenge need a admin password, I try regex operator to guess a admin's password like user=admin&password[$regex]=^TWCTF{[Fuzz]


6. Set payload type Brute forcer with characte set in $ python -c "import string; print string.printable".


7. Set option Grep - Extract because if character is valid will return HTTP status code 302 Found to redirect to index page.


8. Start attack and found 1st character is "w" :)


9. Fuzzing to find another character of admin's password.

Flag: TWCTF{wasshoi!summer_festival!}

MMA CTF 2nd 2016: glance (Misc) Write-up

Descriptions:
I saw this through a gap of the door on a train.
Solution: 

1. Get a animation gif file and go to http://gifmaker.me/exploder/ for split gif to frame.


2. I want to concat all gif image and go to www.google.com, search and get some command that usefull. http://stackoverflow.com/questions/20737061/merge-images-side-by-sidehorizontally



3. convert +append *.gif out.png



Flag: TWCTF{Bliss by Charles O'Rear}