หน้าเว็บ

วันจันทร์ที่ 5 กันยายน พ.ศ. 2559

MMA CTF 2nd 2016: Get the admin password! (Web) Write-up


Descriptions:
Get the admin password!
http://gap.chal.ctf.westerns.tokyo/

You can use test:test
Solution: 

1. Try to inject in user/password field such as SQL Injection it not show more information.


2. Fuzzing via BurpSuite Pro with Simple list: Fuzzing - SQL Injection by user=admin&password=[Fuzz]. and get some different length.


3. Using Google to search with keyword that we have and found the backend database is MongoDB


4. Try MongoDB Injection with user=admin&password[$ne]=1, and successfull to login as admin!


5. This challenge need a admin password, I try regex operator to guess a admin's password like user=admin&password[$regex]=^TWCTF{[Fuzz]


6. Set payload type Brute forcer with characte set in $ python -c "import string; print string.printable".


7. Set option Grep - Extract because if character is valid will return HTTP status code 302 Found to redirect to index page.


8. Start attack and found 1st character is "w" :)


9. Fuzzing to find another character of admin's password.

Flag: TWCTF{wasshoi!summer_festival!}

1 ความคิดเห็น: