>>54141656
The hints I got was that it uses encrypted passwords, and the solution is most likely in php/sql injection. I only tried the latter, but to no avail.

File: Screenshot_2016-04-20-19-25-07.png (122 KB, 1440x2560) Image search: [Google]

122 KB, 1440x2560

Fuck fuck fuck
You didn't tell me the feds were watching this!

>>54141844
rest in penis
>gets arrested for dub possession

>>54141844
heh
It only gets thrown if you leave either field blank

>>54141844
>>54141947
Anyway, thanks for trying

>>54141844
it ogrer man, say hello to thad for me

>>54141656
I don't see anything in source code or headers that hints at login credentials. Are we supposed to try and brute force it?

I guess there could be a SQL injection possible, but don't want to try it.

>>54141975
>I guess there could be a SQL injection possible
how would you inject the SQL?? you surely cant do it through the loign screen

>>54142014
SQL injection can happen wherever user inputs POST data. A login form fits this description.

>>54142014
nvm, thought it was wordpress login from pictures. anyways, do you know the DB structure?

>>54142059
thought it was wordpress, and they do secure the login from sqlinjection

>>54142014
admin' AND 1=1; --

fucking moron script kiddie

>>54141656

I'm guessing the solution has something to do with PHP Object Injection, because instructions were found on the open port 2001

http://213.136.66.86:2001/

>>54142121
how'd you go about finding that

>>54142014
you can if the author of the server side code is autistic and running a query directly from the form (thats how I was originally taught back in '02 in a local webdesign class.)

I doubt he is, but beginners will be beginners

File: computer-kid.jpg (26 KB, 600x400) Image search: [Google]

26 KB, 600x400

>>54142076
>i thought sqlinjection was a wordpress thing

oh dear.

>yfw

>>54142121
That's actually a different task.
It uses php serialization, and I had to overdefine Example2, with setting $hook="print_flag();" in its __wakeup function.
Have fun trying them all: avatao.com, path: web security bootstrapping

>>54142121
if (isset($this->hook)) eval($this->hook);

well, you can inject code with eval function

>>54142207
nice reading comprehension

>>54142118
I'm either a complete idiot or you are.
What exactly goes in the two fields?

File: Screenshot - 210416 - 08:54:33.png (32 KB, 1035x207) Image search: [Google]

32 KB, 1035x207

You need to pass a serialized SQL injection.

>>Boring.

>>54142206
The srever-side code is as mentioned in the task "contains a number of amateur mistakes"

>>54142246

Here's some serialized input that you can SQL inject into.

8:"IGETDESERIALIZEDANDPASSEDTOSQL"

>>54142235
admin' AND 1=1 ; -- goes into the username field; nothing goes into the password field because of the '--(space)' at the end which tells the DB to ignore the next field(some may actually require you to put something in there)

Learn about SQL please

Nice spoilers, retard.

>>54142372
Have you actually tried it?
It's protected against such low-quality attacks.
An empty password field generates a failed2 state, while anything else just fails.

>>54142383
Go fuck yourself

Faggot cuck eat a nigger dick

>>54142430
>so much butthurt

Stay mad, retard.

>>54142312
Can you please elaborate for a guy that's about 20 minutes in learning php?

>>54142449
>butthurt

You need to be 18 or older to view this site.

>>54142450
no him but wanted to say I don't know what "serialized" SQL means either - I assume it has something to do with cleaning the input data or something.

>>54142421
leaving either field empty will generate failed2

File: Screenshot - 210416 - 09:19:24.png (55 KB, 1366x768) Image search: [Google]

55 KB, 1366x768

I AM WINRAR

flag{OhYesLittleBobbyTablesWeCallHim}

>>54142525
grats, I'm guessing you got some hints/clues from the owasp website?

>>54142525
>OhYesLittleBobbyTablesWeCallHim
Thanks!
What was the way?

>>54142543
it's down now tho

>>54142574
Oh, yeah, submitting the solution shuts down the site.
Here's a new one:
http://213.136.66.86:34042/

>>54142464
Keep on shitposting,babby, it won't change the fact that you're obviously retarded.

File: Screenshot - 210416 - 09:24:01.png (98 KB, 1366x768) Image search: [Google]

98 KB, 1366x768

>>54142543
>>54142548

This is what I do :^)

Input was s:4:"OR 1=1--"

>>54142256
>http://213.136.66.86:34032/
yeah you can use sqllite injection completely, I was playing around with it when it went down.

Is some dickhead dos attacking it or can it not handle 4chan's load

SOMEONE PULLED THE PLUG!!
AM I IN DANGER?
IS THIS THE FBI?

>>54142635
read: >>54142593
it was a puppet all along

>>54142618
>Burp Suite
This guy knows what's up

>>54142635
>>54142653
also: avatao.com; search for Web Security Bootstrapping

File: GettyImages_497307871_resized.jpg (784 KB, 1861x1183) Image search: [Google]

784 KB, 1861x1183

>>54142661

You'll never catch me.

>>54142676
Too late
I created a GUI in Perl and now I can track your IP

>>54142652
AM I BEING DETAINED???!!!?!?!?!!

>>54141656
Who fucking ddossed the server?

>>54142711
>connection refused
hurrgurr its DDOS'd

read >>54142593

>>54141656
Thanks for the solution
reopened site at http://213.136.66.86:34032/
get more at:
https://platform.avatao.com/paths/0f0005e1-89d5-45a8-a5b0-32f11407e1be

File: Screenshot - 210416 - 09:34:50.png (59 KB, 649x399) Image search: [Google]

59 KB, 649x399

>>54142700

You just had to ask, my IP is 192.168.1.28

>>54142771
;)

File: screenshot.png (141 KB, 662x449) Image search: [Google]

141 KB, 662x449

>>54142771
Well, mine is 152.66.221.72
Public IPv4 is wonderful
I'm pretty sure that I'm secure, but you can always try.

>>54142744
>0:"OR 1--"

about the simplest answer I think

File: 10637587_10207524180934598_426664678_n.jpg (29 KB, 852x480) Image search: [Google]

29 KB, 852x480

>>54142907
Nigga I ain't clicking that shit

File: vny4xen.png (1013 KB, 500x1917) Image search: [Google]

1013 KB, 500x1917

>>54142907
>>54142548
>>54142543

Did you guys know that MacDonald's buildyourburger doesn't validate user input properly?