
Monday, September 5, 2016

MMA CTF 2nd 2016: Get the admin password! (Web) Write-up


Description:
Get the admin password!
http://gap.chal.ctf.westerns.tokyo/

You can use test:test

Solution:

1. Try injecting into the user/password fields, for example with SQL injection; the responses show no additional information.

2. Fuzz with Burp Suite Pro using the simple list "Fuzzing - SQL Injection" on user=admin&password=[Fuzz]; some responses come back with a different length.

3. Search Google with the keywords we have; the backend database turns out to be MongoDB.

4. Try MongoDB injection with user=admin&password[$ne]=1, which successfully logs in as admin!

5. The challenge needs the admin password, so I try the regex operator to guess the admin's password, like user=admin&password[$regex]=^TWCTF{[Fuzz]

6. Set the payload type to Brute forcer with the character set from $ python -c "import string; print(string.printable)".

7. Set the Grep - Extract option, because a valid character returns HTTP status code 302 Found, redirecting to the index page.

8. Start the attack; the 1st character is "w" :)

9. Keep fuzzing to find the remaining characters of the admin's password.

Flag: TWCTF{wasshoi!summer_festival!}
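Why steps 4 and 5 work, and the server-side check that stops them, as an added example that is not the challenge's code or the author's. `parseForm`, `fieldMatches`, the `USERS` records and both login functions are constructed stand-ins, assuming the backend turns bracket-notation parameters into objects and passes them straight into the MongoDB query.

```javascript
// Constructed sample accounts (not the challenge's data).
const USERS = [
  { user: "admin", password: "constructed-admin-pw" },
  { user: "test", password: "test" },
];

// Mimics bracket-notation form parsing (as done by PHP and by Express's
// extended body parser): "password[$ne]=1" -> { password: { $ne: "1" } }.
function parseForm(body) {
  const out = Object.create(null); // no prototype, so odd keys stay plain data
  for (const [key, value] of new URLSearchParams(body)) {
    const m = /^([^\[\]]+)\[([^\[\]]+)\]$/.exec(key);
    if (!m) { out[key] = value; continue; }
    if (typeof out[m[1]] !== "object") out[m[1]] = Object.create(null);
    out[m[1]][m[2]] = value;
  }
  return out;
}

// Small emulation of MongoDB's field matching: equality, $ne and $regex only.
function fieldMatches(stored, cond) {
  if (typeof cond !== "object" || cond === null) return stored === cond;
  return Object.entries(cond).every(([op, arg]) => {
    if (op === "$ne") return stored !== arg;
    if (op === "$regex") return new RegExp(arg).test(stored);
    return false; // operators outside this sketch never match
  });
}

// Vulnerable: the parsed values go into the query untouched, so an object
// such as { $ne: "1" } is evaluated as a query operator, not as a password.
function loginVulnerable(body) {
  const { user, password } = parseForm(body);
  return USERS.some(
    (u) => fieldMatches(u.user, user) && fieldMatches(u.password, password)
  );
}

// Hardened: credentials must be plain strings before they reach the query,
// so operator objects are rejected and only exact equality is ever tested.
function loginHardened(body) {
  const { user, password } = parseForm(body);
  if (typeof user !== "string" || typeof password !== "string") return false;
  return USERS.some((u) => u.user === user && u.password === password);
}
```

Storing only a salted password hash would also remove the $regex oracle, since a prefix match on the stored value would no longer reveal the password.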

1 comment:

  1. I was very happy to find this site. I really enjoyed reading this article today and think it might be one of the best articles I have read so far. I wanted to thank you for this excellent reading !! I really enjoy every part and have bookmarked you to see the new things you post. Well done for this excellent article. Please keep this work of the same quality.