Tag: web

LOTTERY ASIS-CTF-2014 Web-100 writeup

Screenshot from 2014-10-23 18:28:07

This question it the basic of the web challenge if we go to the link given above we usually get a message like this when we visit the page for the first time ๐Ÿ™‚

Screenshot from 2014-10-23 21:06:49

As the page says let’s visit the page for the second time ๐Ÿ™‚

Screenshot from 2014-10-23 21:11:10

So here comes the lottery which says that we are 2444th visitor and we need to become the 1234567890th visitor to get the lottery also with the clue saying that don’t hack cookies. We should be always doing the thing that we are not supposed to do so let’s try hacking the cookies. But the first thing we need to do when we see a web question is to view the source page of the given question ๐Ÿ™‚ but when you see the source page you will understand that there is no other way to find the visitor number except the cookie ๐Ÿ™‚

If you not aware what a cookie is find about itย http://en.wikipedia.org/wiki/HTTP_cookie

I have a cool tool which is called as “edit this cookie” to edit the cookies you can get it in the chrome store atย https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en

if you look at the cookie named Visitor you will see a value like this which is url encoded

MjQ1Njo3Y2Y2NDM3OWViNmYyOWE0ZDI1YzRiNmEyZGY3MTNlNA%3D%3D

for more details about it visit this wiki page of the URL encoding http://en.wikipedia.org/wiki/Percent-encoding

If you have doubt why we should use the URL encoding this link will give the answer to youย http://stackoverflow.com/questions/4667942/why-should-i-use-urlencode

If you decode it using any tool, I use this online toolย http://www.url-encode-decode.com/

The decoded result will be like this

MjQ1Njo3Y2Y2NDM3OWViNmYyOWE0ZDI1YzRiNmEyZGY3MTNlNA==

which again seems to be like a base64 encoding if you decode it the output looks like this

2456:7cf64379eb6f29a4d25c4b6a2df713e4

2456 seems our number which we visited so if we could change the number to 1234567890 we could win the lottery (get the flag ๐Ÿ˜€ )
The number after the 2456 is nothing but the md5sum of the number 2456 ๐Ÿ™‚

so

1234567890:e807f1fcf82d132f9bb018ca6738a19f

is the one we need to make the value of the cookie to base64

MTIzNDU2Nzg5MDplODA3ZjFmY2Y4MmQxMzJmOWJiMDE4Y2E2NzM4YTE5Zg==

and finally we need to encode it with URL encoding which looks like

MTIzNDU2Nzg5MDplODA3ZjFmY2Y4MmQxMzJmOWJiMDE4Y2E2NzM4YTE5Zg%3D%3D

so if you submit the cookie and refresh the page you get the flag as

ASIS_9f1af649f25108144fc38a01f8767c0c

Here is the screenshot of the flag ๐Ÿ™‚

Screenshot from 2014-10-24 19:13:47