This is where I record tactics for wargames, systems, and other security issues.


Bright Shadows - Exploit 7: "Global userkey"


Login as theblacksheep!
    (The challenge page shows a single Username field and a Login button.)

  1. Since the username is 'theblacksheep', just enter it and submit.
  2. The page then shows an error message like the one below:
    Access Denied! Key Validation Error!
  3. Key?! So a key is used for authentication, but it is hidden from us.
  4. Viewing the page source, we find no hidden value in the form. Maybe we should look at the details of the HTTP exchange instead.
  5. I use Chrome Developer Tools for that, and there is a suspicious field named 'userkey' in the HTTP headers. Its value is 'd0p3fish|key|code'.
  6. Now we need to intercept the HTTP request and add a header field 'userkey: d0p3fish|key|code'. Many applications and browser extensions can do this. I choose Burp Suite, since it has had a good reputation for a long time and is, of course, very easy to use.
    [Reference] A nice introduction article about Burp Suite:
    Here is what I did:
  7. Well done!
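To make the flaw concrete, here is an added example (my own model, not the wargame's server code) contrasting the check the challenge appears to implement, a single global key that the server itself hands out in its headers, with a session-bound design; the password store and in-memory session store are assumed stand-ins for a real backend.

```python
import hmac
import secrets

# Constructed value standing in for the key the challenge leaks in a header.
GLOBAL_USERKEY = "d0p3fish|key|code"
VALID_USERS = {"theblacksheep"}


def vulnerable_login(form, request_headers):
    """Model of the flawed check: one global key, disclosed by the server
    itself, is the only thing verified. Anyone who reads the header can
    replay it for any username, which is exactly the challenge's solution."""
    if form.get("username") not in VALID_USERS:
        return "Unknown user"
    if request_headers.get("userkey") != GLOBAL_USERKEY:
        return "Access Denied! Key Validation Error!"
    return "Welcome, %s" % form["username"]


# Hardened design: the key is a per-session secret created only after the
# user proved their identity, kept server-side and never written into a
# response header. A dict stands in for a real session backend.
_sessions = {}


def issue_session(username, password, passwords):
    """Return a fresh session token only if the password matches.
    (A real deployment would verify against a stored password hash.)"""
    expected = passwords.get(username)
    if expected is None or not hmac.compare_digest(expected, password):
        return None
    token = secrets.token_urlsafe(32)   # high-entropy, unguessable
    _sessions[token] = username
    return token


def hardened_login(form, request_headers):
    """Accept a request only if it carries a live token bound to the
    username it claims; a token for one account cannot open another."""
    token = request_headers.get("userkey", "")
    user = _sessions.get(token)
    if user is None or user != form.get("username"):
        return "Access Denied! Key Validation Error!"
    return "Welcome, %s" % user
```

The leaked value works against `vulnerable_login` but is rejected by `hardened_login`, which only honours tokens it issued after a password check.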

