Web Challenges JerseyCTF
Solution:- We are given a log file to analyze and a straightforward description. Download the log file and open it in your preferred text editor. I opened the log file in my notepad.
Reading the description carefully, we need to identify an IP address and wrap that IP address in the flag format in order to submit the flag.
So in this case, I looked over the file a little bit and understood that the log file contains only 2 response codes, 404 and 200. We know that a 200 response is OK, meaning the request succeeded and the external host got access to the resource. A 404 response is Not Found, meaning the requested resource was not found at all.
So obviously the 200 responses are what we are looking for, right? Use a simple technique to find all the 200 responses: press Ctrl + F to search for specific data, type 200 in the input field and click Find Next.
You will find only four matches for 200 (three 200 responses and one 200 which belongs to an IP address). The files in the first and second 200 responses look useless. See the screenshot:-
And we don’t need the other 200, which belongs to an IP address. So the last 200 response is the useful one. Look at the file name, bankrecords.pdf, which is definitely a sensitive file.
And we got the flag.
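The same triage can be done by parsing the status field instead of searching for the text 200, which avoids the false match inside an IP address. This is an added example, not part of the original write-up: it assumes the log is in Common Log Format, the sample lines and addresses are constructed, and the function names and the extension watch list are hypothetical.

```python
import re

# Constructed sample in Common Log Format (an assumption; the challenge log is not
# reproduced here). IPs are documentation ranges; only bankrecords.pdf is from the write-up.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2021:10:01:12 +0000] "GET /admin.php HTTP/1.1" 404 153
203.0.113.200 - - [10/Apr/2021:10:01:15 +0000] "GET /backup.zip HTTP/1.1" 404 153
192.0.2.44 - - [10/Apr/2021:10:02:03 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.44 - - [10/Apr/2021:10:02:04 +0000] "GET /style.css HTTP/1.1" 200 512
198.51.100.23 - - [10/Apr/2021:10:05:41 +0000] "GET /bankrecords.pdf HTTP/1.1" 200 88211
this line is truncated and should be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

SENSITIVE_EXT = (".pdf", ".sql", ".zip", ".bak", ".csv")  # hypothetical watch list


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            yield match.groupdict()


def successful_requests(log_text):
    """Requests whose status field is 200, not lines that merely contain '200'."""
    return [r for r in parse(log_text) if r["status"] == "200"]


def sensitive_hits(log_text):
    """(client IP, path) pairs for successful requests to sensitive-looking files."""
    return [(r["ip"], r["path"]) for r in successful_requests(log_text)
            if r["path"].lower().endswith(SENSITIVE_EXT)]


def substring_matches(log_text, needle="200"):
    """What a plain Ctrl+F hits: every line containing the needle anywhere."""
    return [line for line in log_text.splitlines() if needle in line]


if __name__ == "__main__":
    print("Ctrl+F style matches:", len(substring_matches(SAMPLE_LOG)))
    print("Real 200 responses:  ", len(successful_requests(SAMPLE_LOG)))
    for ip, path in sensitive_hits(SAMPLE_LOG):
        print(f"Sensitive file served: {path} -> {ip}")
```

On the constructed sample the text search reports four matches, while only three lines are real 200 responses and one of those is a sensitive file.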
Solution:- As the description says, Seigward has been storing secrets on the website. So let’s head over to the website first. You will find a login form with a username and password field.
If you try to log in to the website with the most common default credentials, username= admin and password= admin, you will get a popup message saying nice try Derrick.
Let’s try viewing the page source:-
Just decode the base64 code using this website https://www.base64decode.org/ and submit the flag.
Solution:- After reading the description we understand that we need to bruteforce a login page. They provide us a users.txt file which contains 500 usernames and only one password. We need to bruteforce 500 usernames with just one password.
To perform a bruteforce attack I prefer Burp Suite Intruder. First intercept the request and send the request to Intruder. Then go to the Positions tab and click on the Clear button. This will clear the default selection. After clearing the default selection, select only the username and password values and click on the Add button, so that only the username and password are marked for the bruteforce. Then set the Attack type to Cluster Bomb.
Now it’s time to combine the usernames and the password to start the bruteforce attack. To do that, go to the Payloads tab. You will see that the Cluster Bomb attack type gives us 2 payload sets. In the first payload set, load the 500 usernames: click the Load button and find the users.txt file. After that, copy the password, go to the second payload set, click on the Paste button, and click on Start Attack to start the bruteforce attack.
Hold on, there are a lot of responses with the same status code. So how do we know the correct response? By simply clicking on the Length button twice, you will see the one different length, 798.
We got the username Wolverine.
Now let’s log in with these credentials. You can see a popup message that gives us the flag.