Ahh, a simple Web attack problem:
[URL FROM GAME]
Lara Anderton needs to break into PreCrime to free her husband, but they just installed a fancy new security system. Help her break into it!
Browsing to the website presented a simple username/password form. Exploiting web sites presents many different avenues when looking at a black box (aka no source). First? Look at the HTML presented to the user's web browser. In this case, nothing stands out. Next step? Maybe try some blind SQLi? How about watching the traffic from the browser?
Firing up Wireshark showed that the web browser was given a plaintext cookie with the active username, and a field called auth which was set to 0. I think we just found our avenue. There are multiple ways of manipulating the HTTP headers, but in this case I used Burp proxy since I had it lying around.
When the browser sent over the next request, using the Intercepting Proxy, I modified the Cookie to "auth=1;user=admin" and the following response had the key response: "c4ca4238a0b923820dcc509a6f75849b".
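Why the edited cookie was accepted, and what stops it, as an added example that is not the challenge's own code: a check that trusts client-supplied `auth`/`user` values next to one that requires a server-computed HMAC over them. The function names, the `sig` field and the `guest` account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed secret for the example; a real service loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def parse_cookie(header: str) -> dict:
    """Parse a Cookie request header into a plain dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_trusting(header: str) -> bool:
    """Weak check: believes whatever auth/user values the client sends."""
    c = parse_cookie(header)
    return c.get("auth") == "1" and c.get("user") == "admin"


def _tag(user: str, auth: str) -> str:
    # Length prefix keeps the user/auth boundary unambiguous inside the MAC input.
    msg = f"{len(user)}:{user}:{auth}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(user: str, auth: str) -> str:
    """Issue the same two fields plus a MAC only the server can compute."""
    return f"auth={auth}; user={user}; sig={_tag(user, auth)}"


def is_admin_verified(header: str) -> bool:
    """Hardened check: reject any cookie whose MAC does not match its fields."""
    c = parse_cookie(header)
    user, auth, sig = c.get("user", ""), c.get("auth", ""), c.get("sig", "")
    # Compare as bytes in constant time; a missing or altered sig fails here.
    if not hmac.compare_digest(sig.encode(), _tag(user, auth).encode()):
        return False
    return auth == "1" and user == "admin"
```

Keeping the authorization state in a server-side session keyed by a random identifier removes the problem entirely; the MAC is the minimum fix when state has to live in the cookie.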