Description

We all love secrets. Without them, our lives would be dull. A student wrote a secure secret store, however he was babbling about problems with the database. Maybe I shouldn’t use the ‘admin’ account.

Solution

After some fiddling around with different SQL injection attacks to try to bypass the login, I decided to register with the application.

I first registered with some random data. I then decided to see if it was vulnerable to a column truncation attack, to log in as ‘admin’.

This is trivial to exploit. First I registered with the following credentials:

Username: admin                                                                                 truncate
Password: rektsec

Then I logged in with:

Username: admin
Password: rektsec

And it was a success.

Flag: IW{TRUNCATION_IS_MY_FRIEND}

Note: I will write a post about why and how this works later.
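
A model of the root cause and its fix, added here as an example and not part of the original write-up or the challenge's code. It assumes MySQL-style behaviour (non-strict inserts that silently truncate, and string comparisons that ignore trailing spaces, modelled with SQLite's RTRIM collation); the column width, table layout and function names are hypothetical.

```python
import sqlite3

COL_WIDTH = 20  # assumed width of the username column; the page does not give it

def make_db(hardened):
    # COLLATE RTRIM models a PAD SPACE comparison: trailing spaces are ignored.
    db = sqlite3.connect(":memory:")
    unique = " UNIQUE" if hardened else ""  # hardened: the database enforces uniqueness
    db.execute(f"CREATE TABLE users (username TEXT COLLATE RTRIM{unique}, password TEXT)")
    # Constructed pre-existing account (password hashing omitted for brevity).
    db.execute("INSERT INTO users VALUES ('admin', 'original-admin-secret')")
    return db

def register(db, username, password, hardened):
    if hardened and len(username) > COL_WIDTH:
        return False  # reject oversize input instead of letting it be cut
    # Application-level duplicate check runs on the full, untruncated value,
    # so 'admin<spaces>truncate' does not match the existing 'admin' row.
    if db.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone():
        return False
    try:
        # The slice models a non-strict INSERT that silently truncates to the
        # column width, leaving 'admin' followed only by spaces.
        db.execute("INSERT INTO users VALUES (?, ?)", (username[:COL_WIDTH], password))
    except sqlite3.IntegrityError:
        return False  # hardened schema: the truncated name collides with 'admin'
    return True

def login(db, username, password):
    # 'admin' equals 'admin<spaces>' under the padded comparison, so the
    # second row authenticates as admin with its own password.
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

def demo(hardened):
    db = make_db(hardened)
    # Registration input from the write-up; the number of spaces is constructed.
    padded = "admin" + " " * 80 + "truncate"
    registered = register(db, padded, "rektsec", hardened)
    return registered, login(db, "admin", "rektsec")

if __name__ == "__main__":
    print("vulnerable:", demo(False))
    print("hardened:  ", demo(True))
```

On a real MySQL deployment the equivalent fixes are a strict SQL mode (oversize values raise an error instead of being truncated), a UNIQUE index on the username column, and server-side length validation before the duplicate check.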

Rekt Sec
