Thursday, July 5, 2012

Solution for Net-Force.nl : Level 403 - Source Cooking!

This is the link to the original challenge: http://www.net-force.nl/challenge/level403/index.php

Quest:
Gain access to this script!

Challenge


Btw, we've got a new option to view the source of this page! Neat eh?

View Source
 

Tools Required:
Cookie Manager+ - https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/
 
Logic Behind the Challenge:
Let's take a look at the source of that page, shown in the image below.




So we change the url parameter from index.html to challenge.php: http://www.net-force.nl/challenge/level403/source.php?url=challenge.php

All that was returned was "Only HTML files allowed!"

Hmmm... let's try a null-byte injection by appending "%00.html" (without the double quotes) to the end of the url parameter. Null-byte injection is an active exploitation technique that was used very frequently in the past to bypass sanity-checking filters.

This time round, we smelled some success here.
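Why the ".html" filter passes and a different file is still opened, as an added Python model (not the challenge's own code, whose source this page does not reproduce). The function names, the `ALLOWED` set and the sample inputs are assumptions made for the illustration; the hardened variant shows the check a defender would use instead.

```python
# Added illustration: a suffix check looks at the whole decoded parameter,
# while a C-level file API stops reading the name at the first NUL byte
# (the web server decodes %00 to that byte before the script sees it).
from pathlib import PurePosixPath

ALLOWED = {"index.html"}  # assumed allowlist of files the viewer may show


def c_string(path: str) -> str:
    """Model a C-level file API: the name ends at the first NUL byte."""
    return path.split("\x00", 1)[0]


def weak_check(url_param: str) -> bool:
    """Extension-only filter, as the error message above suggests."""
    return url_param.endswith(".html")


def file_opened_by_weak_viewer(url_param: str):
    """Return the name the legacy file layer would open, or None if refused."""
    if not weak_check(url_param):
        return None                  # "Only HTML files allowed!"
    return c_string(url_param)       # check and open disagree on the name


def hardened_viewer(url_param: str):
    """Return the file name to serve, or None if the request is rejected."""
    if "\x00" in url_param:          # a NUL byte is never valid in a file name
        return None
    name = PurePosixPath(url_param).name
    if name != url_param:            # no directory parts, no traversal
        return None
    return name if name in ALLOWED else None  # allowlist, not a suffix test


if __name__ == "__main__":
    # Constructed sample inputs, already URL-decoded.
    for p in ("index.html", "challenge.php", "challenge.php\x00.html"):
        print(repr(p), file_opened_by_weak_viewer(p), hardened_viewer(p))
```

PHP itself rejects paths containing NUL bytes since version 5.3.4, which is why the technique is described as one from the past.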


Ahhh... this seems much easier now. So it expects a cookie with the MD5 hash value of NetForce.


Ok, let's fire up Cookie Manager+ and add in the following cookie.



After we have added the cookie, let's try to access the challenge.php page again; this time round, you should see the password, CookieMonster.




I do hope that someone learned something from here.


Cheers
0x4A61636F62
