Windows shell? ZOMG!
The following is a batch script authentication system. Your goal here is to get the batch script to authenticate you by inputting a password into the field. For this extbasic, your goal is to circumvent authentication altogether. Decrypting the password is for extbasic11.
- This challenge wanna you to circumvent authentication of the script, which means you need to bypass the validation process.
- Check the code below, the first thing you have to do is making the code jump to END label directly, and the second thing is setting the variable PASSWORDVALUE equal to 1065435274.
ENDLOCAL&IF NOT %PASSWORDVALUE%==1065435274 GOTO :ACCESSDENIED
- Then you will get authentication successfully.
ECHO You have been authenticated. Welcome aboard!
- Let's check another part of the script, which is the process to address user input.
SET /P INPUT=Insert password:
IF "%INPUT%"=="" "%~0"
- The IF statement will check empty user input and loop again until user input something. The most important thing you need to focus is the comparison statement use double quotes.
- So, you can inject your code by making the variable INPUT equals to "=="" blah-blah , then the IF statement will be like below.
IF ""=="" blah-blah "=="" "%~0"
- Let's accomplish our goal now. Input the injection code below and check.
"=="" SET PASSWORDVALUE=1065435274 && GOTO :END_
(the underline symbol at the end of the injection means a white space)
- It's done.