// Wargames is back again!
// April 16th, 2012 by

Oh hello there, it gives us great pleasure to announce that the dates for this year’s Wargames have been decided and registration is now open! Hop on to the registration page here for more details!

 

 

// WarGames.MY2011 – Web100 solution
// August 25th, 2011 by

 

 

Hint: It’s as simple as getting admin privs

Flag: TheBigRoundGarfuSlappedTheSmellyRac00n

 

Players are presented with the website of a security company. The objective of this challenge is to get admin privileges, or in other words to log in as the admin user. Start off by doing the usual preliminaries, which include checking the HTML source:

When you view the HTML source, you’ll notice a line that’s been commented out. The link brings you to a product page which displays the products the company has to offer. The product shown is selected via the prod GET variable. If you mess around with the values of prod, for example:

 

products.php?prod=1xx

 

You’ll get the following error:

From here, you’ll realise that the contents/description of the product is actually read from a file. So when you have a GET query like products.php?prod=1, it’s actually reading from a file located at /products/1.txt. I bet most of you tried to exploit an RFI and realised you couldn’t, so the only sensible thing to do now is to exploit a local file include bug. Notice that the app also appends a “.txt” extension to the end of the GET query, so the included path has to be terminated with a null byte (%00) to drop that extension. So if we were to exploit something like this:

 

products.php?prod=../login.php%00

 

You’ll get this:

 

 

Aha! Confirmed LFI! Remember that the hint says you need to get admin privileges. If you try to find an admin login page, you’ll stumble upon /admin/, but it redirects you back to /index.php. This confirms that the directory does exist and we just need to find a way in. So, most of you tried to read the contents of the admin index page with products.php?prod=../admin/index.php%00 hoping to get the flag, but instead were greeted by this:

 

You didn’t expect us to make it that easy, did you? :p
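As an added illustration (not code from the original write-up or from the challenge itself), the block below models the file-inclusion pattern the post describes, places a hardened resolver beside it, and adds a small access-log check a defender could run for the same requests. PRODUCT_DIR, the legacy_open_name model of pre-PHP-5.3.4 null-byte truncation, the digits-only allow-list and the sample log lines are all assumptions constructed for this example.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed directory standing in for the one products.php reads from.
PRODUCT_DIR = "/var/www/html/products"


def legacy_open_name(path: str) -> str:
    """Model (an assumption for this example) of the pre-PHP-5.3.4 filesystem
    layer: the path reaches C as a NUL-terminated string, so everything from
    the first NUL byte onward, including the appended ".txt", is dropped."""
    nul = path.find("\x00")
    return path if nul < 0 else path[:nul]


def resolve_vulnerable(prod: str) -> str:
    """The pattern the write-up describes: raw GET value + ".txt", no checks."""
    requested = f"{PRODUCT_DIR}/{prod}.txt"
    return posixpath.normpath(legacy_open_name(requested))


ALLOWED_ID = re.compile(r"[0-9]{1,6}")  # assumed: product ids are small integers


def resolve_hardened(prod: str) -> Optional[str]:
    """Allow-list the identifier, then confirm the normalised path is still
    inside PRODUCT_DIR. Returns None when the request is rejected."""
    if ALLOWED_ID.fullmatch(prod) is None:  # also rejects "..", "/" and NUL
        return None
    candidate = posixpath.normpath(posixpath.join(PRODUCT_DIR, prod + ".txt"))
    if posixpath.commonpath([PRODUCT_DIR, candidate]) != PRODUCT_DIR:
        return None
    return candidate


TRAVERSAL = re.compile(r"\.\.[/\\]|\x00")


def flag_log_line(line: str) -> bool:
    """Detection check for access logs: extract the prod parameter, decode it
    a second time (double encoding is common), and flag traversal sequences
    or NUL bytes."""
    match = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
    if match is None:
        return False
    query = urlsplit(match.group(1)).query
    for value in parse_qs(query, keep_blank_values=True).get("prod", []):
        if TRAVERSAL.search(unquote(value)):
            return True
    return False


# Constructed access-log lines modelled on the requests in the write-up.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Aug/2011:10:01:02 +0800] "GET /products.php?prod=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Aug/2011:10:01:09 +0800] "GET /products.php?prod=1xx HTTP/1.1" 200 233',
    '10.0.0.5 - - [25/Aug/2011:10:02:41 +0800] "GET /products.php?prod=../login.php%00 HTTP/1.1" 200 1840',
    '10.0.0.5 - - [25/Aug/2011:10:03:15 +0800] "GET /products.php?prod=..%2Fadmin%2Findex.php%2500 HTTP/1.1" 200 77',
]


def scan_log(lines: List[str]) -> List[bool]:
    """One flag per line: True where the prod parameter looks like traversal."""
    return [flag_log_line(line) for line in lines]


if __name__ == "__main__":
    for prod in ("1", "../login.php\x00"):
        print(repr(prod), "->", resolve_vulnerable(prod), "|", resolve_hardened(prod))
    print(scan_log(SAMPLE_LOG))
```

The hardened resolver applies two independent checks on purpose: the allow-list stops the traversal and null-byte cases outright, and the commonpath test catches anything a later, looser allow-list might let through.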

 

So, if you try looking for other entry points into the admin area, you might stumble upon this file, /admin.php. It’s actually the login page for the admin, and if you read it using the LFI bug, you’ll realise that the passwords are salted (!$^&XYZ):

 

 

Now that we’ve got the salt, we just need the hash. Always try to enumerate common directories, because if you do, you’ll find a directory called /database/.

 

 

Now that we have our hash and our salt, all we have to do is crack it. It should take less than 5 mins to crack if you’re using Cain’s wordlist. Once you have the plaintext password, log in as admin and you’ll be presented with the flag.
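As an added example (not from the original post or the challenge), the audit helpers below compare the password scheme the write-up found, one site-wide salt in front of a fast hash, with per-user random salts and a slow key derivation function. The point for defenders is in the returned counts: a shared salt lets one wordlist pass cover every account, while per-user salts force a fresh slow computation per account per guess. Only the salt string comes from the post; the hash algorithm (MD5), the test accounts, the wordlist and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Constructed values. The salt string is the one the write-up shows in
# admin.php; the hash algorithm is not stated there, so MD5 is assumed.
SITE_SALT = "!$^&XYZ"
WORDLIST: List[str] = ["password", "letmein", "garfield", "hunter2", "qwerty"]
USER_PASSWORDS: Dict[str, str] = {          # constructed test accounts
    "admin": "garfield",
    "bob": "hunter2",
    "eve": "correct horse battery staple",  # not in the wordlist
}


def legacy_hash(password: str) -> str:
    """One fixed salt for the whole site, prepended to a fast digest."""
    return hashlib.md5((SITE_SALT + password).encode()).hexdigest()


def legacy_wordlist_cost(stored: Dict[str, str],
                         wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Audit helper: with a shared salt, one table built from the wordlist
    covers every account, so the cost is len(wordlist) hashes in total."""
    table = {legacy_hash(word): word for word in wordlist}
    recovered = {user: table[h] for user, h in stored.items() if h in table}
    return recovered, len(wordlist)


ROUNDS = 100_000  # PBKDF2 iteration count (assumed); tune for ~100 ms per check


def kdf_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def make_record(password: str) -> Tuple[bytes, bytes]:
    """Per-user random salt plus slow KDF output; both are stored."""
    salt = os.urandom(16)
    return salt, kdf_hash(password, salt)


def verify(password: str, record: Tuple[bytes, bytes]) -> bool:
    """Constant-time comparison so the check itself leaks nothing."""
    salt, digest = record
    return hmac.compare_digest(kdf_hash(password, salt), digest)


def kdf_wordlist_cost(records: Dict[str, Tuple[bytes, bytes]],
                      wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Audit helper: each user's salt forces a fresh KDF run per guess, so the
    cost grows to len(records) * len(wordlist) slow computations."""
    recovered: Dict[str, str] = {}
    computations = 0
    for user, record in records.items():
        for word in wordlist:
            computations += 1
            if verify(word, record):
                recovered[user] = word
                break
    return recovered, computations


def run_comparison():
    """Build both stores from the constructed accounts and audit each."""
    legacy_store = {u: legacy_hash(p) for u, p in USER_PASSWORDS.items()}
    kdf_store = {u: make_record(p) for u, p in USER_PASSWORDS.items()}
    return (legacy_wordlist_cost(legacy_store, WORDLIST),
            kdf_wordlist_cost(kdf_store, WORDLIST))


if __name__ == "__main__":
    (legacy_found, legacy_cost), (kdf_found, kdf_cost) = run_comparison()
    print("fixed salt + MD5:", legacy_found, "hashes:", legacy_cost)
    print("per-user salt + PBKDF2:", kdf_found, "KDF runs:", kdf_cost)
```

Neither scheme protects an account whose password is in the wordlist; what changes is that the per-user KDF makes each of those guesses cost a full slow computation for every account, while the fixed-salt scheme pays once for all of them.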

 

 

 

// RM2000 and more to be won at WarGames.MY 2011
// June 20th, 2011 by

Hey boys and girls!

Previously we had mentioned a mystery prize, remember? Well, as promised, we’re unveiling what it is today! NAO!!!

On top of other cool things to win, our friends at System Defenders have jumped onto the bandwagon and are sponsoring a cash prize of RM2000 for this year’s competition. How freaking cool is that?!

With less than 2 weeks to go, sign up now and join in on the fun!

Also, come and hang out with us on the IRC channel. We’re at irc.smurfnet.ch / 6667 / #wargamesmy

 

 

// WarGamesMY 2011 bonus challenges
// June 19th, 2011 by

Hey boys and girls!

Only 2 more weeks to go before WarGames 2011 starts! So far, we have 20+ teams registered and hopefully more teams will jump on the bandwagon.

As we mentioned in an earlier post, there will be bonus challenges for you to solve and win HITB KL 2011 training passes (thanks HITB!). The good news is, we’ll be releasing them before the actual competition (this is the part where you say “hooray!”). The bonus challenges will be released on the 27th of June 2011.

One more thing, come and hang out with us on IRC for the latest news and updates.

Server: irc.smurfnet.ch / 6667

Chan: #wargamesmy

 

 

// Seeeduino starter kit up for grabs + mystery prize!
// June 5th, 2011 by

News update!!

The folks at HackerspaceKL (you guys rock!) were kind enough to sponsor a Seeeduino starter kit in addition to the other prizes for this year’s WarGamesMY challenge.

We will also be announcing another mystery prize soon and trust me, you guys would love it!

Stay tuned.

 

 

// Malaysia’s First Online Capture The Flag Competition
// May 26th, 2011 by

What a busy year it has been for the crew so far.

We’ve been working hard, side-by-side with the folks from HackerspaceKL and the new HITB CTF Crew 3.0 over the past few months and we are proud to bring you WarGames.MY!

WarGames.MY is Malaysia’s first ever online CTF, by Malaysians, for Malaysians. It’s basically a 24-hour hack game featuring 18 challenges scattered across 6 categories. We do know that there are CTFs and other security games in Malaysia, but they all require the team/person to be physically there. So we figured, what the heck, let’s do an online CTF.

We’re planning to make this a yearly event and hopefully it’ll grow bigger and bigger as years progress. Since this is the first year, we’re only opening it for Malaysians. Eventually we’ll open the competition for the whole world once we manage to acquire the right hardware and infrastructure.

We’d also like to thank Hack In The Box for supporting this event and also to another sponsor who wishes to remain anonymous.

So, regardless of whether you’re a student or a professional pentester, as long as you hold a Malaysian passport and you are physically in Malaysia, come on and join in on the fun. It’s free and you’ve got nothing to lose.

We’ll also be hanging around IRC for those who wish to make contact with us.

 

 

 
