This is the third challenge. Difficulty level is set to moderate and we need to find three flags.
The first thing I did was click on Micro-CMS Changelog. What it mentioned is "users need to be an admin to add or edit pages now." When I tried to edit, it took me to the login page. Ofcourse, no credentials were provided and we have to find a way around this. This is where the SQL injection could come in handy. I tried with very simple case of SQL injection
abc' OR '1' = '1 with some random password abc. This gave an error: "invalid password".
I looked for the hint at this point of time. First hint was "Regular users can only see public pages". This means to get the flag I need to get through this login page and access page which is not listed in public above. But still I couldn't figure out the mechanism to get through. So took another hint, which was "Getting admin access might require a more perfect union". Here it was the clue. I need to use the union operator to break this system. I tried following
There is private page now listed in the page. When I clicked there... Voila! the flag :D
I also took the last hint even though the things were done. It said
Knowing the password is cool, but there are other approaches that might be easier
abc' OR '1' = '1 with some random password abc. This gave an error: "invalid password".
I looked for the hint at this point of time. First hint was "Regular users can only see public pages". This means to get the flag I need to get through this login page and access page which is not listed in public above. But still I couldn't figure out the mechanism to get through. So took another hint, which was "Getting admin access might require a more perfect union". Here it was the clue. I need to use the union operator to break this system. I tried following
username: bar' UNION SELECT "aaa" as password FROM admins where '1' = '1
password: aaa
Login was successful
There is private page now listed in the page. When I clicked there... Voila! the flag :D
I also took the last hint even though the things were done. It said
Knowing the password is cool, but there are other approaches that might be easier
FULLZ AVAILABLE WITH HIGH CREDIT SCORES 700+
ReplyDelete(Spammed From Credit Bureau of USA)
=>Contact 24/7<=
Telegram> @killhacks
ICQ> 752822040
FRESHLY SPAMMED
VALID INFO WITH VALID DL EXPIRIES
*All info included*
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included
CC & CVV'S ONLY USA AVAILABLE
$1 for SSN+DOB
$2 for SSN+DOB+DL
$5 for High credit fullz 700+
(bulk order negotiable)
*Payment in all crypto currencies will be accepted
->You can buy few for testing
->Invalid or wrong info will be replaced
->Serious buyers needed for long term
PLEASE DON'T ASK ANYTHING FOR FREE
TOOLS & TUTORIALS AVAILABLE FOR SPAMMING, HACKING & CARDING
(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)
Ethical Hacking Tools & Tutorials
Kali linux
Facebook & Google hacking
SQL Injector
Bitcoin flasher
Keylogger & Keystroke Logger
Premium Accounts (Netflix, coinbase, FedEx, Pornhub, etc)
Paypal Logins
Bitcoin Cracker
SMTP Linux Root
DUMPS with pins track 1 and 2
Smtp's, Safe Socks, rdp's, VPN, Viruses
Cpanel
Php mailer
Server I.P's & Proxies
HQ Emails Combo
*If you need a valid vendor it's very prime chance, you'll never be disappointed*
CONTACT 24/7
Telegram> @killhacks
ICQ> 752822040
Myclassnotes: Hacker101 Ctf: Micro-Cms V2 - Part 1 >>>>> Download Now
ReplyDelete>>>>> Download Full
Myclassnotes: Hacker101 Ctf: Micro-Cms V2 - Part 1 >>>>> Download LINK
>>>>> Download Now
Myclassnotes: Hacker101 Ctf: Micro-Cms V2 - Part 1 >>>>> Download Full
>>>>> Download LINK z5