Given challenges looking like this, entering one of those files opens it. Looking closer at the URL, we can see that it’s most likely some type of file inclusion challenge. Trying standard LFI stuff seems to be a success. As you can see, we can access ‘/etc/passwd’, so… what can we do? First thing comes […]
Tag: LFI
[Overthewire] – Natas6,7,8
http://natas6.natas.labs.overthewire.org/ username: natas6 password: aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1 The web page initially looks like the one below. There is a field for entering input and a link to its source code at http://natas6.natas.labs.overthewire.org/index-source.html
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas6", "pass": "<censored>" };</script></head>
<body>
<h1>natas6</h1>
<div id="content">

<?

include "includes/secret.inc";

    if(array_key_exists("submit", $_POST)) {
        if($secret == $_POST['secret']) {
            print "Access granted. The password for natas7 is <censored>";
        } else {
            print "Wrong secret";
        }
    }
?>

<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>
In the middle there is a piece of PHP code that I will explain: first, the code includes a file named secret.inc from the includes folder, then checks whether the input has […]
[TIKAD CTF 2018]: Situs Yang Bocor
I was given a website and source code as follows: Source Code: WEB: And from the website I was given the clue “There’s a flag here but it’s in the source code.. can you pull it out? PHP is quite weird about filters I hear”; from that clue I could conclude that the website has a weakness in […]
Protected: [CTFS.ME]: Blue Eyes
There is no excerpt because this is a protected post.