HackMe #2 - Learn Webhacking

Hello and welcome, my burning flames!

I decided to make “HackMe” into a series and just finished testing and scripting the challenge for today.

Let’s start

Mission

Today's mission isn't the easiest. You could see your new cookie with the name "Password", couldn't you?

You have to insert a script that sends you this cookie from other people. It’s not important how you do this, but this time the webmaster used htmlentities() to be “secure” (he isn’t). Also, the script shouldn’t be conspicuous. But you have to get more information on your own!

Accepted parameters of site:

Post:
  • Post
  • Name

Get:

  • None

Victims' URL:

DELETED

Help:

Ask or do your own research :wink:
5 Likes

Just looked what is done after 3 clicks on the link :joy:

Nice work with the “dontclickmipls” Link. It was fun to click on it :+1:

I will delete some nonfunctional ones after some time

(Content not really controlled)

LOL. I’m still new to this but it’s hella fun.

2 Likes

It’s made for having fun while learning, and try ' instead of " :wink:

1 Like

Holy shit, I think I broke something LOL.

Just repaired it

That DoS though. Good stuff.

1 Like

I have a bad feeling about the possibilities :scream:

Just kidding

Did you enable the ENT_QUOTES switch?

No because I’m a bad Webmaster :stuck_out_tongue_winking_eye:
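
Added example, not part of the original thread or the challenge's code: why the `htmlentities()` call discussed above does not protect a single-quoted attribute unless `ENT_QUOTES` is set. The template, the `render()` and `attributeNames()` helpers and the input string are constructed for illustration; `ENT_COMPAT` is passed explicitly because it was the default flag before PHP 8.1.

```php
<?php
// Hypothetical template: the escaped value lands inside a single-quoted attribute.
function render(string $escapedName): string
{
    return "<input type='text' name='Name' value='" . $escapedName . "'>";
}

// Parse the markup the way a browser would and list the attributes on <input>.
function attributeNames(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed, harmless input that contains a single quote.
$name = "x' title='injected";

// ENT_COMPAT converts " but leaves ' untouched, so the quote closes the attribute.
$weak = render(htmlentities($name, ENT_COMPAT, 'UTF-8'));

// ENT_QUOTES also converts ' to &#039;, so the whole input stays inside value.
$strong = render(htmlentities($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

foreach (['ENT_COMPAT' => $weak, 'ENT_QUOTES' => $strong] as $label => $html) {
    echo $label, "\n  markup:     ", $html, "\n";
    echo "  attributes: ", implode(', ', attributeNames($html)), "\n";
}
```

With `ENT_COMPAT` the parsed element gains an attribute the template never wrote; with `ENT_QUOTES` it keeps only the three from the template. Escaping has to match the quoting style of the context the value is written into.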

I am enjoying these. It would be cool if you did a little writeup for each mini ctf on how you did it (for those who didn’t find it first time).

3 Likes

Really like these challenges. Looking forward to increasing difficulties in the future. The current level is perfect for beginners and if the learning curve isn’t too steep, this could really become an awesome noob-to-semi-pro series :smiley:

1 Like

Solution is on the site under Link number 310 :stuck_out_tongue_winking_eye:

First Password: SUESVJY508qVpSflLEyT6UjXbVMYviDn

k3kt.

2 Likes

Good work :+1:
It works a little bit conspicuously, but it’s working :wink:

Other Passwords:
lkKtCLjYX2C87dWH0aVn3apdZ0v8F0D1
GOBPsR8YGkgHhwVMP0kmzmkyWfEPxoBe

Because of a problem with Bplaced, I will move HackMe to another domain. I will give you the URL when finished.

2 Likes

Finally made the code for using it on your own webserver after a lot of time. I didn’t feel like doing it, but today I said: “Let’s do it before this topic is total nonsense”.
Here are the files:

You can use it as you want, but for the right feeling just import hackme2.sql under the table name “HackMe1” and change the password.php file to use the right database connection.

And can somebody close this topic?