Wednesday, September 12, 2012

Solution for bright-shadows.net : Exploit 01 Easy Starter

This is the link to the original challenge: http://www.bright-shadows.net/challenges/exploit_long/index.php
However, you will need to register before you can attempt to solve it.


Tools Used: Tamper Data or Firefox Console

This is an easy warmup.

We are presented with a login page and a clue stating that the username should be at least 5 characters long but less than 20.

Let's try passing in invalid usernames.

Log in with a username of fewer than 5 characters.
An alert box pops up saying that this is not the solution.

Next, let's try logging in with a username that is longer than 20 characters.
This is where the problem lies: the form input restricts the maximum length to 20 characters.

There are two ways to bypass this.

1) Tamper Data

Tamper Data is an add-on for Firefox. I highly recommend installing it, as it will help with many of the exploit challenges on bright-shadows.net.

Using Tamper Data, we can tamper with the POST parameters that are sent after the submit button is clicked.

2) Firefox Console

If you are using Firefox, you can bring up the Firefox console (Ctrl + Shift + K).

After that, type the JavaScript command "document.forms[0].elements['input_user'].maxLength = 30;" into the console. This alters the HTML document, and the form now allows you to enter up to 30 characters in the username field.

Using either method, submit a username that is longer than 20 characters, and the resulting "error" page gives you the correct username and password to log in with.
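
Both methods work because the 20-character limit lives only in the browser. The following added example (not part of the original post or the challenge's code) enforces the same limit on the server and answers every failure with one generic message; the input_pass field name and the exact 5 to 20 bounds are assumptions.

```javascript
// Added example: server-side validation for the login form's username.
// 'input_user' is the field name from the page; 'input_pass' and enforcing
// the 5..20 bounds on the server are assumptions made for illustration.
const MIN_USER_LEN = 5;
const MAX_USER_LEN = 20;
const MAX_BODY_CHARS = 1024; // cap the raw body before parsing it

// Parse an application/x-www-form-urlencoded body and validate it.
// Returns { ok, status, message }; the message never echoes input or secrets.
function validateLogin(rawBody) {
  const generic = { ok: false, status: 400, message: 'Invalid username or password.' };

  if (typeof rawBody !== 'string' || rawBody.length > MAX_BODY_CHARS) {
    return { ...generic, status: 413 };
  }

  const params = new URLSearchParams(rawBody);

  // Reject missing or duplicated parameters instead of silently picking one.
  if (params.getAll('input_user').length !== 1 ||
      params.getAll('input_pass').length !== 1) {
    return generic;
  }

  const user = params.get('input_user');

  // Allow-list of characters, so control bytes never reach later code.
  if (!/^[A-Za-z0-9_.-]+$/.test(user)) {
    return generic;
  }
  // The length rule is checked here no matter what the form's maxlength says.
  if (user.length < MIN_USER_LEN || user.length > MAX_USER_LEN) {
    return generic;
  }
  return { ok: true, status: 200, message: 'Input accepted for authentication.' };
}

// Constructed sample requests, including one that ignores the form's maxlength.
const samples = [
  'input_user=alice01&input_pass=x',
  'input_user=' + 'A'.repeat(30) + '&input_pass=x',
  'input_user=abc&input_pass=x',
  'input_user=alice01&input_user=bob&input_pass=x',
];
for (const body of samples) {
  console.log(validateLogin(body).status, body.slice(0, 40));
}
```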

Enjoy =D

thegrayone
