CtfLearn.com Web challenges..
Hello everyone,let’s solve CtfLearn.com web challenges easy,medium and hard levels.
This says about sql injection.Now let’s try to get the flag using sql injection.
we have an input field.Now let’s try to do some basic sql injection.
“ ‘ or 1=1 — “
Let’s submit.and it will give something like this..
Done…There is your flag…
This Says about the methods.So we have to send the following data using post method.
So this says this site takes only post requests.Inorder to send a post request im going to create a html form.
So we have username and password here.so Now let’s create html form .
open this html file in firefox and click on submit.we’ll get our flag.
This challenge is currently broken according to my knowledge….Once i get it i’ll post the writeup here.
Don’t Bump You Head(er):
we need to bypass the security.Now let’s try to open the url given .
Ok this site says that we’ve used a wrong user agent.Look at the source code.
In the comments we can see the useragent .now let’s fireup burpsuite to edit the header.
So this is our request header.Now send this header to repeater.In repeater we’ll edit and send this request to the server.
Now,copy the user agent from the source code and paste it here.Now let’s see the response from the server.
as you can observe,this site again says you are not from “awesomesauce.com”.Ok Now add a refere to to get the flag.
After sending the request to the server with referer in the header it will gives us the flag.
Copy the flag and paste it and it’s done.
So here’s the Thing..It;s a sql injection.Now let’s try to get the database..
OK this is how it looks.For this we need to use sqlmap and burp.Let’s fireup our burp.
So this is our request header.Now let’s save it in a text file.We’ll use this text file as a input for our sqlmap.
Ok this gives us the name of the database..
Ok we have two databases here.Now let’s Dump all the tables inside the webeight database.
By using the above command we’ll get the tables that are in the webeight.Ok i’ve got these.
There is a table “w0w_y0u_f0und_m3”.we’ll dump all the information in this table to get our flag..
So by using above command we’ll get the flag..
Copy the flag and submit it….
So this challenge is quite easy to solve.First let’s see what inside that website..
This a calculator.Quickly Let’s fireup our Burp to have a look on what’s going on the back.Before that Let’s have a look at the source code.
OK it’s a script.Now let’s calculate some hypothetical mathematics.
Now let’s see header in Brupsuite.
So as u can see the request header.Now let’s send this Header to the repeater to start our attack.i’ve tried to stop the script and sent “ls” command to see if this script is command injection vulnerable.
So that gave me the flag.
Copy the flag and paste it..
Follow for more stuff about Hacking: