Thursday, July 5, 2012

Solution for Net-Force.nl : Level 402 - Oops, a typo...

Solution for Net-Force.nl : Level 402 - Oops, a typo...

This is the link to the original challenge: http://www.net-force.nl/challenge/level402/

Quest:
This challenge consists of two parts.

Just start here.

Required Tools:
Live HTTP Headers - http://livehttpheaders.mozdev.org/

Logic Behind the Challenge:
When we try to access http://www.net-force.nl/challenge/level402/protected.php
We will see the following image:
From the error in the image, it seems that it is expecting some sort of input variable, ip and that ip had to be from 213.75.238.147
Ok, let's try feeding a parameter to the url like this:
http://www.net-force.nl/challenge/level402/protected.php?ip=213.75.238.147

By doing so, we have solved 1 half of the challenge and we will see this.
Congratz...You have solved the first part :)

Proceed

If we access the link given directly, we will land up on 
http://www.net-force.nl/challenge/level402/auth.php?denied
The clue is "Access Denied"

Maybe let's try to view it with Live HTTP Headers


It seems to us that it's trying to do a GET to 
http://www.net-force.nl/challenge/level402/auth.php?show=no
Then it redirect us to

http://www.net-force.nl/challenge/level402/auth.php?denied

So the question now for us is...what if we change value for parameter, show, to yes instead of no

The url would look like this:
http://www.net-force.nl/challenge/level402/auth.php?show=yes

Doing so and we will be greeted with 
The password is: expl017
So there we have it, the password for this particular challenge is expl017
 
Cheers
0x4A61636F62

No comments:

Post a Comment