Can you even crack this site?
http://213.136.66.86:34032/
[spoiler]yes, it's a school assignment[/spoiler]
>>54141656
The hints I got was that it uses encrypted passwords, and the solution is most likely in php/sql injection. I only tried the latter, but to no avail.
Fuck fuck fuck
You didn't tell me the feds were watching this!
>>54141844
rest in penis
>gets arrested for dub possession
>>54141844
heh
It only gets thrown if you leave either field blank
>>54141844
>>54141947
Anyway, thanks for trying
>>54141844
it ogrer man, say hello to thad for me
>>54141656
I don't see anything in source code or headers that hints at login credentials. Are we supposed to try and brute force it?
I guess there could be a SQL injection possible, but don't want to try it.
>>54141975
>I guess there could be a SQL injection possible
how would you inject the SQL?? you surely cant do it through the loign screen
>>54142014
SQL injection can happen wherever user inputs POST data. A login form fits this description.
>>54142014
nvm, thought it was wordpress login from pictures. anyways, do you know the DB structure?
>>54142059
thought it was wordpress, and they do secure the login from sqlinjection
>>54142014
admin' AND 1=1; --
fucking moron script kiddie
>>54141656
I'm guessing the solution has something to do with PHP Object Injection, because instructions were found on the open port 2001
http://213.136.66.86:2001/
>>54142121
how'd you go about finding that
>>54142014
you can if the author of the server side code is autistic and running a query directly from the form (thats how I was originally taught back in '02 in a local webdesign class.)
I doubt he is, but beginners will be beginners
>>54142076
>i thought sqlinjection was a wordpress thing
oh dear.
>yfw
>>54142121
That's actually a different task.
It uses php serialization, and I had to overdefine Example2, with setting $hook="print_flag();" in its __wakeup function.
Have fun trying them all: avatao.com, path: web security bootstrapping
>>54142121
if (isset($this->hook)) eval($this->hook);
well, you can inject code with eval function
>>54142207
nice reading comprehension
>>54142118
I'm either a complete idiot or you are.
What exactly goes in the two fields?
You need to pass a serialized SQL injection.
>>Boring.
>>54142206
The srever-side code is as mentioned in the task "contains a number of amateur mistakes"
>>54142246
Here's some serialized input that you can SQL inject into.
8:"IGETDESERIALIZEDANDPASSEDTOSQL"
>>54142235
admin' AND 1=1 ; -- goes into the username field; nothing goes into the password field because of the '--(space)' at the end which tells the DB to ignore the next field(some may actually require you to put something in there)
Learn about SQL please
Nice spoilers, retard.
>>54142372
Have you actually tried it?
It's protected against such low-quality attacks.
An empty password field generates a failed2 state, while anything else just fails.
>>54142383
Go fuck yourself
Faggot cuck eat a nigger dick
>>54142430
>so much butthurt
Stay mad, retard.
>>54142312
Can you please elaborate for a guy that's about 20 minutes in learning php?
>>54142449
>butthurt
You need to be 18 or older to view this site.
>>54142450
no him but wanted to say I don't know what "serialized" SQL means either - I assume it has something to do with cleaning the input data or something.
>>54142421
leaving either field empty will generate failed2
I AM WINRAR
flag{OhYesLittleBobbyTablesWeCallHim}
>>54142525
grats, I'm guessing you got some hints/clues from the owasp website?
>>54142525
>OhYesLittleBobbyTablesWeCallHim
Thanks!
What was the way?
>>54142543
it's down now tho
>>54142574
Oh, yeah, submitting the solution shuts down the site.
Here's a new one:
http://213.136.66.86:34042/
>>54142464
Keep on shitposting,babby, it won't change the fact that you're obviously retarded.
>>54142543
>>54142548
This is what I do :^)
Input was s:4:"OR 1=1--"
>>54142256
>http://213.136.66.86:34032/
yeah you can use sqllite injection completely, I was playing around with it when it went down.
Is some dickhead dos attacking it or can it not handle 4chan's load
SOMEONE PULLED THE PLUG!!
AM I IN DANGER?
IS THIS THE FBI?
>>54142635
read: >>54142593
it was a puppet all along
>>54142618
>Burp Suite
This guy knows what's up
>>54142635
>>54142653
also: avatao.com; search for Web Security Bootstrapping
>>54142661
You'll never catch me.
>>54142676
Too late
I created a GUI in Perl and now I can track your IP
>>54142652
AM I BEING DETAINED???!!!?!?!?!!
>>54141656
Who fucking ddossed the server?
>>54142711
>connection refused
hurrgurr its DDOS'd
read >>54142593
>>54141656
Thanks for the solution
reopened site at http://213.136.66.86:34032/
get more at:
https://platform.avatao.com/paths/0f0005e1-89d5-45a8-a5b0-32f11407e1be
>>54142700
You just had to ask, my IP is 192.168.1.28
>>54142771
Well, mine is 152.66.221.72
Public IPv4 is wonderful
I'm pretty sure that I'm secure, but you can always try.
>>54142744
>0:"OR 1--"
about the simplest answer I think
>>54142907
Nigga I ain't clicking that shit
>>54142907
>>54142548
>>54142543
Did you guys know that MacDonald's buildyourburger doesn't validate user input properly?