Description:
Hint: think of default files when using source code management systemsSolution:
Open http://178.63.58.69:8083/ and try to login several time but return Username or Password is invalid. I back to read a hint and focus "source code management systems", I maybe mean Github because I ever read some article about this How I stole source code with Directory Indexing and Git, I should request to /.git and found something.
Try to login by user: ping and password: pong, response "Welcome ping" but not have a flag :/, Next step I look into a http header and found Cookies are so interest. Cookie: type=user; flag=df911f0151f9ef021d410b4be5060972; name=ping
In flag value (df911f0151f9ef021d410b4be5060972) after look this, I think this is MD5 because It have a-f0-9{32} and I should decrypt it!! on MD5 Decrypter.
Result is ping, It mean flag=md5(user) right? I back to read .git file and try encrypt "john" string to md5.
MD5 Encrypt:
root@ubuntu:/tmp# echo -n "john" | md5sum
527bd5b5d689e2c32ae974c6229ff785 -
root@ubuntu:/tmp#
I back to read .git again admin: john, and in cookie value have type: user I should edit this value to admin (admin: john), I use Burp Suite to intercept and modify http request. Next step request with normal cookie and click Go.
Not have a flag, I try to edit the cookie value to Cookie: type=admin; flag=527bd5b5d689e2c32ae974c6229ff785; name=john and click Go!!
Finally I got a flag.!!
Flag: a012c434d1ec6db911fda4884de14fdd
ไม่มีความคิดเห็น:
แสดงความคิดเห็น