DEV Community

DaNeil C
DaNeil C

Posted on • Edited on

7 1

0x00SEC CTF - Exercise #3

This weekend I took a dive into 0x00Sec's new bi-monthly CTF.

Note::: NO, I won't be posting the found flag{}, but I will be posting the methods I used.


  • CTF Name: Exercise #3
  • Resource: 0x00SEC
  • Difficulty: Easy
  • Number of Flags: 1

Flag0

  • Hint: Note in the Source Code of
    <!-- TODO: -->
    <!-- * Implement secure object references -->

  • Acquired By:

    • First thing to do is to just to look at the source code. This shows nothing specific except the hint. All scripts are bootstrap that are being used and nothing looks custom.Alt Text
    • Second thing is to see what it happening when a login is attempted with a "test:test" username:password combo. This showed that there was a "Cookie: PHPSESSID" that was being passed to the application but unlike the previous exercise, this appeared to be a random number and not holding any user information like "admin" or "login=true".
    • Third: I actually played around a bit with looking up information on "Information disclosure" as there didn't seem to be any way to register or login without knowing the log in and I didn't want to just keep trying random things. Sadly this didn't really give me any hints so I consulted my bf.
    • After talking to my bf I stumbled on trying the "admin:admin" for the "username: password" and that logged me right in...
    • So after that I was able to see the "admin" was actually user_id=5.Alt Text
    • Now that I tested out different user_id numbers to see if one of them had the flag and after a few different id numbers there it was. Alt Text

Thoughts

This was easy once I got the admin:admin login. I'm a bit irritated that I didn't think of trying that combo as I had been trying admin username with other passwords, but I did get it.
Once logged in this allowed me to find the insecure object references of the user_ids and find the code.

Learned

This CTF taught me a tad about secure object references but more so about trying admin:admin for the username and password on these CTFs...
¯_(ツ)_/¯


Happy Hacking

Resources

  1. https://ctf.0x00sec.org/
Please Note that I am still learning. If something that I have stated is incorrect please let me know. I would love to learn more about what I may not understand fully.

Image of Timescale

Timescale – the developer's data platform for modern apps, built on PostgreSQL

Timescale Cloud is PostgreSQL optimized for speed, scale, and performance. Over 3 million IoT, AI, crypto, and dev tool apps are powered by Timescale. Try it free today! No credit card required.

Try free

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

👋 Kindness is contagious

Engage with a sea of insights in this enlightening article, highly esteemed within the encouraging DEV Community. Programmers of every skill level are invited to participate and enrich our shared knowledge.

A simple "thank you" can uplift someone's spirits. Express your appreciation in the comments section!

On DEV, sharing knowledge smooths our journey and strengthens our community bonds. Found this useful? A brief thank you to the author can mean a lot.

Okay