View Larger Image

SimpleAuth4 min read

Welcome back on Exploitnetworking. SimpleAuth is a web challenge of TokyoWesterns CTF. The base of this challenge is manipulate the php function parse_str to bypass auth control and get the flag. Below there is the source code of back-and:

Copy to Clipboard

For print the flag, our goal is bypass this condiction:

Copy to Clipboard

Only way to bypass it is set hashed_password variable. For this purpose we can use parse_str function, and set hashed_password in url whitout set user and pass. In this way we have hashed_password equal to hash value. Then we can use this url:

Copy to Clipboard

And get the flag:

Copy to Clipboard

For privacy reasons Facebook needs your permission to be loaded.

window.fbAsyncInit = function() { fusion_resize_page_widget(); jQuery( window ).resize( function() { fusion_resize_page_widget(); }); function fusion_resize_page_widget() { var $container_width = jQuery( '.facebook-like-widget-2' ).width(); if ( 1 > $container_width ) { $container_width = 268; } if ( $container_width != jQuery('.facebook-like-widget-2 .fb-page' ).data( 'width' ) && $container_width != jQuery('.facebook-like-widget-2 .fb-page' ).data( 'original-width' ) ) { jQuery('.facebook-like-widget-2 .fb-page' ).attr( 'data-width', $container_width ); if ( 'undefined' !== typeof FB ) { FB.XFBML.parse(); } } } }; ( function( d, s, id ) { var js, fjs = d.getElementsByTagName( s )[0]; if ( d.getElementById( id ) ) { return; } js = d.createElement( s ); js.id = id; js.src = "https://connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.11&appId=552203291901961"; fjs.parentNode.insertBefore( js, fjs ); }( document, 'script', 'facebook-jssdk' ) );

Daniele Scanu2018-09-03T19:56:44+02:00

About the Author: Daniele Scanu

Leave A Comment Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.