
[CTF] WU - LolFrokinIpad

CTF InterCampus Ynov 2024

Difficulty Level: Medium

Challenge Category: Web

Description:

Oh! Oh! Ohh! I guess this requires more of a programming kind of skills

Solution Steps

Step 1: Initial Exploration

  • Navigate to the provided URL and enter any email and password combination.
  • You will be redirected to a <missing>.php page.
  • This redirection is a clue to enumerate the directories and files on the server.

Step 2: Directory Enumeration

Use dirb or gobuster to discover hidden directories or files. For example:

Command:

gobuster dir -u http://172.233.59.59:32842/ -w /usr/share/wordlists/dirb/common.txt

Expected Output:

  • The enumeration will reveal a directory named /matrix.

Step 3: Analyze /matrix

  • Access the /matrix directory.
  • Inspect the page source and note the obfuscated JavaScript code block.

Options for Analysis:

  1. Deobfuscate the JavaScript:

    • Copy the obfuscated code into a JavaScript beautifier or a deobfuscation tool (e.g., https://beautifier.io).
    • Analyze the deobfuscated code to understand its functionality.
  2. Shortcut with the solve() Function:

    • The obfuscated code contains a function called solve().
    • Execute the solve() function directly in the browser's console or modify the code to print the result.
    • The result will hint at appending ?source=1 to the URL to view the PHP source code.

Step 4: View PHP Source Code

Add ?source=1 to the /matrix endpoint URL:

http://172.233.59.59:32842/matrix.php?source=1

Expected Outcome:

The source code will be revealed, showing how the backend processes the payload and validates the input.
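
Seen from the server side, Steps 2 and 4 leave a recognisable trail in the access log: one client producing mostly 404s, followed by a 200 response to a request carrying a source query parameter. The Python sketch below is an added example, not part of the original write-up or the challenge code; the log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in combined log format; IPs and most paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "gobuster/3.6"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "gobuster/3.6"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin HTTP/1.1" 404 153 "-" "gobuster/3.6"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /matrix HTTP/1.1" 200 2048 "-" "gobuster/3.6"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /uploads HTTP/1.1" 404 153 "-" "gobuster/3.6"
198.51.100.7 - - [01/Jan/2024:10:05:10 +0000] "GET /matrix.php?source=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Jan/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3})')

def analyze(log_text, min_requests=5, min_404_ratio=0.5):
    """Return (enumerators, source_hits) found in an access log.

    enumerators: {ip: [paths that answered 200]} for clients whose traffic is
                 mostly 404s, i.e. what a wordlist scan actually discovered.
    source_hits: [(ip, target)] for 200 responses to a 'source' query parameter.
    """
    per_ip = defaultdict(lambda: {"total": 0, "miss": 0, "found": []})
    source_hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        stats = per_ip[m["ip"]]
        stats["total"] += 1
        if m["status"] == "404":
            stats["miss"] += 1
        elif m["status"] == "200":
            stats["found"].append(url.path)
        # A debug switch that answers 200 means server-side code was served.
        if "source" in parse_qs(url.query) and m["status"] == "200":
            source_hits.append((m["ip"], m["target"]))
    enumerators = {ip: s["found"] for ip, s in per_ip.items()
                   if s["total"] >= min_requests
                   and s["miss"] / s["total"] >= min_404_ratio}
    return enumerators, source_hits

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The 404 ratio is used instead of the User-Agent string because the latter is trivially changed by the client.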


Step 5: Craft the Payload

Based on the insights from the PHP source code, construct a payload to exploit the application. Use curl to send the crafted payload:

Payload:

curl -d "test=MySup3rS3cRetP4s\$word&[email protected]&pass=\$test" http://172.233.59.59:32842/matrix.php