bruteforce – PETIR CYBER SECURITY

Writeup Reference https://github.com/shiltemann/CTF-writeups-public/tree/master/PicoCTF_2018#web-exploitation-650-a-simple-question Challenge Description : There is a website running at http://2018shell1.picoctf.com:36052 (link). Try to see if you can answer its question. Tampilan pertama setelah meng-klik link diatas adalah : Pertama penulis mengecek source code yang tertera :

<!doctype html>
<html>
<head>
    <title>Question</title>
    <link rel="stylesheet" type="text/css" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
</head>
<body>
<div class="container">
    <div class="row">
        <div class="col-md-12">
            <div class="panel panel-primary" style="margin-top:50px">
                <div class="panel-heading">
                    <h3 class="panel-title">A Simple Question</h3>
                </div>
                <div class="panel-body">
                    <div>
                        What is the answer?
                    </div>  
                    <form action="answer2.php" method="POST">
<!-- source code is in answer2.phps -->
                        <fieldset>
                            <div class="form-group">
                                <div class="controls">
                                    <input id="answer" name="answer" class="form-control">
                                </div>
                            </div>

                            <input type="hidden" name="debug" value="0">

                            <div class="form-actions">
                                <input type="submit" value="Answer" class="btn btn-primary">
                            </div>
                        </fieldset>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
</body>
</html>

<!doctype html>

<html>

<head>

<title>Question</title>

</head>

<body>

<h3 class="panel-title">A Simple Question</h3>

</div>

<div>

What is the answer?

</div>

</div>

</div>

</fieldset>

</form>

</div>

</body>

</html>

<!– source code is in answer2.phps –> Mari kita buka , didapat

<?php
  include "config.php";
  ini_set('error_reporting', E_ALL);
  ini_set('display_errors', 'On');

  $answer = $_POST["answer"];
  $debug = $_POST["debug"];
  $query = "SELECT * FROM answers WHERE answer='$answer'";
  echo "<pre>";
  echo "SQL query: ", htmlspecialchars($query), "\n";
  echo "</pre>";
?>
<?php
  $con = new SQLite3($database_file);
  $result = $con->query($query);

  $row = $result->fetchArray();
  if($answer == $CANARY)  {
    echo "<h1>Perfect!</h1>";
    echo "<p>Your flag is: $FLAG</p>";
  }
  elseif ($row) {
    echo "<h1>You are so close.</h1>";
  } else {
    echo "<h1>Wrong.</h1>";
  }
?>

<?php

include "config.php";

ini_set('error_reporting', E_ALL);

ini_set('display_errors', 'On');

$answer = $_POST["answer"];

$debug = $_POST["debug"];

$query = "SELECT * FROM answers WHERE answer='$answer'";

echo "<pre>";

echo "SQL query: ", htmlspecialchars($query), "\n";

echo "</pre>";

<?php

$con = new SQLite3($database_file);

$result = $con->query($query);

$row = $result->fetchArray();

if($answer == $CANARY) {

echo "<h1>Perfect!</h1>";

echo "<p>Your flag is: $FLAG</p>";

}

elseif ($row) {

echo "<h1>You are so close.</h1>";

} else {

echo "<h1>Wrong.</h1>";

}

Dari source code tersebut, dapat diketahui […]

Tag: bruteforce

[PicoCTF2018] – A Simple Question

[TJCTF2019] – Moar Horse 2

[Vulnhub] – DC-2

[BCACTF19] – basic-pass-3