Solution for Net-Force.nl : Level 403 - Source Cooking!
This is the link to the original challenge: http://www.net-force.nl/challenge/level403/index.php
Quest:
Gain access to this script!
Challenge
Btw, we've got a new option to view the source of this page! Neat eh?
View Source
Tools Required:
Cookie Manager+ - https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/
Logic Behind the Challenge:
Let's take a look at the source of that page and we can see the following source code as shown in the image below.
So let's change the url parameter from index.html to challenge.php: http://www.net-force.nl/challenge/level403/source.php?url=challenge.php
All that is returned is "Only HTML files allowed!"
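Hmmm... let's try a null-byte injection by appending "%00.html" (without the double quotes) right after the URL. Null-byte injection is an exploitation technique that was used very frequently in the past to bypass sanity-checking filters: the filter sees a name that ends in .html, while the underlying file-open call treats the null byte as the end of the string and opens challenge.php instead.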
This time round, we smelled some success here.
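Why the suffix check fails, and what a stricter check looks like, as an added Python model (not the challenge's own code, which is PHP). The suffix-only filter is inferred from the "Only HTML files allowed!" message; ALLOWED_DIR, ALLOWED_FILES and all function names are hypothetical.

```python
import os

ALLOWED_DIR = "/var/www/pages"                 # hypothetical directory of viewable files
ALLOWED_FILES = {"index.html", "about.html"}   # hypothetical allowlist


def naive_filter(url: str) -> bool:
    """Suffix-only check (assumed): accepts anything that ends in .html."""
    return url.endswith(".html")


def c_string_view(url: str) -> str:
    """What a NUL-terminated C file API sees: the bytes before the first NUL."""
    return url.split("\x00", 1)[0]


def hardened_resolve(url: str) -> str:
    """Return the path to serve, or raise ValueError for anything unexpected."""
    if "\x00" in url:
        raise ValueError("null byte in file name")
    name = os.path.basename(url)
    # Reject path components and anything not explicitly allowed.
    if name != url or name not in ALLOWED_FILES:
        raise ValueError("file not on allowlist")
    return os.path.join(ALLOWED_DIR, name)


def demo():
    """Run constructed inputs through both checks; %00 is shown URL-decoded."""
    samples = ("index.html", "challenge.php",
               "challenge.php\x00.html", "../index.html")
    rows = []
    for raw in samples:
        try:
            verdict = hardened_resolve(raw)
        except ValueError as exc:
            verdict = f"rejected: {exc}"
        rows.append((raw, naive_filter(raw), c_string_view(raw), verdict))
    return rows


if __name__ == "__main__":
    for raw, passes_naive, opened, verdict in demo():
        print(f"{raw!r:28} naive={passes_naive!s:5} opens={opened!r:16} {verdict}")
```

The third sample is the interesting row: the naive filter accepts it, the C-level view is challenge.php, and the hardened check rejects it before any file is opened.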
Ahhh...this seems much easier now. So it expects a cookie with the md5 hash value of NetForce.
Ok, let's fire up Cookie Manager+ and add in the following cookie.
After we have added the cookie, let's try to access the challenge.php page again, and this time round you should see the password, CookieMonster.
I do hope that someone learned something from here.
Cheers
0x4A61636F62