webhacking.kr - 0ldzombie challenge writeup 6
Jun 13, 2015 •
webchallenges,
0ldzombie
0ldzombie has a great collection of
Webhacking challenges which ranges from very basic ones to some very advanced attacks. We really enjoyed playing the challenges and here are the writeups.
So now we have reached level 6 and the journey till now was quite challenging but enjoyable. Challenges by 0ldzombie is much better than several other web hacking challenges out there. Each level teaches us so much new information. Let us hope the future challenges will be even better.
Note:
I am putting up the write up so that if you are not able to complete the challenges after trying for awhile, you can refer to the solution to see how I did it. Please don’t look into the solution before you try out the challenges by yourself.
The moment we open the challenge 6 page, first thing we see is the hint as base64
. Well, base64 is an encoding and can be easily brought back to plain text. Also, the challenge page points us to index.phps
. Let us see what is inside the source code:
So what is happening here? The first time look at the source code can be a bit frightening for those who are not well versed with PHP but its very easy. Basically, they take the word guest and will base64 encode it continuously for 20 times. After that numbers from 1 - 8 in the strings are replaced with some characters as shown in the code. Then when they decode the cookie, they first change the characters back and will base64 decode 20 times to get the original string back. Then if the values of username and password are admin
, then we have solved the challenge successfully. Since I love python very much, I wrote a simple program which gives us the username/password combination we need to use in the cookies:
Grab the script from Github
Now as you know the value of username/password combination to use. Simply modify the cookie value to what we have generated and the problem will be solved. If you solved the challenge in an easier way, do let me know. Let us share and learn :)
Anirudh Anand
Product Security ♥ | CTF - @teambi0s | Security Trainer - @7asecurity | certs - eWDP, OSCP, OSWE