Monday, June 3, 2013

Codegate 2013 :: Web #3 (300 points)

This was the third challenge in the web category, worth 300 points. The challenge began with a letter addressed to Sherlock Holmes.
The objective was to play the role of Sherlock Holmes and figure out who asked the hacker group to hack “Hound Co.,Ltd.”, and when.

Examination of the site revealed a suspicious JavaScript file, secret.js, which was the first lead gathered for this challenge. However, the code was clearly obfuscated, as shown below.

Contents of secret.js:
The obfuscated code was easily deobfuscated with http://jsbeautifier.org/ :)
Line 8 of this JavaScript exposed the hidden PHP file, d56b699830e77ba53855679cb1d252da.php, which was revealed as a popup after the “Grey” logo was clicked 10 times. This was in fact the login form. The challenge was then to find the login credentials to gain access to the restricted area.

Candy: md5(login) = d56b699830e77ba53855679cb1d252da

Examination of the site did not show any obvious sign of a possible SQL injection flaw. Do you know of any tools that can assist you in looking for such flaws?



Several tools can automate the process of detecting and exploiting SQL injection flaws; sqlmap, an open source penetration testing tool, is widely used for this purpose.

Command used to identify time-based blind SQL injection with parameter “question”:
Subsequently, commands were issued to identify the databases, tables and table entries:
The passwords were then put through an MD5 decrypter to be decrypted:
Logged in with the credentials for victor and solved the mystery! 300 points in the bag. Yay!
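
Seen from the defending side, time-based blind injection against the “question” parameter leaves a recognisable trace in web access logs. The following is an added example, not part of the original post or the challenge: it assumes GET requests and a log format whose last field is the request time in seconds; the path /board.php and all log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Delay primitives used by time-based blind SQL injection on common DBMSs.
DELAY_RE = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)
# Assumed layout: combined-style request line, status, request time in seconds.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<secs>\d+\.\d+)$'
)

# Constructed sample lines (not from the challenge server); /board.php is a placeholder.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Jun/2013:10:00:01 +0000] "GET /board.php?question=1 HTTP/1.1" 200 0.012
198.51.100.7 - - [03/Jun/2013:10:00:02 +0000] "GET /board.php?question=1%27%20AND%20SLEEP%285%29--%20- HTTP/1.1" 200 5.018
203.0.113.9 - - [03/Jun/2013:10:00:03 +0000] "GET /board.php?question=how+long+should+I+sleep HTTP/1.1" 200 0.015
198.51.100.7 - - [03/Jun/2013:10:00:09 +0000] "GET /board.php?question=1%27%20AND%201%3D2%20AND%20SLEEP%285%29--%20- HTTP/1.1" 200 0.011
203.0.113.9 - - [03/Jun/2013:10:00:10 +0000] "GET /index.php HTTP/1.1" 200 0.009
"""


def scan(log_text, param="question", slow_secs=4.0):
    """Return (ip, decoded_value, verdict) for requests whose `param`
    carries a SQL delay primitive."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        # parse_qs percent-decodes, so encoded payloads are matched in clear form.
        for value in parse_qs(urlsplit(m["url"]).query).get(param, []):
            if DELAY_RE.search(value):
                # A response about as slow as the requested delay means the
                # injected condition was true and the payload actually ran.
                verdict = "executed" if float(m["secs"]) >= slow_secs else "attempt"
                hits.append((m["ip"], value, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A single "executed" hit is enough to treat the parameter as injectable; the durable fix is a parameterized query on the server side, with the log check serving as detection only.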

Cheers,
Braeburn Ladny
