2012 Third Xidian University Network Attack and Defense Competition
Walkthrough for the Network Penetration Part
V2.0
Southern Sword
Cyberpolice
http://weibo.com/nanguojian
Objective:
This competition is hosted by the Xidian Information Security Association. Official site: https://csc.xdsec.org
Dates: 10.1-10.15. The registration period expires on October 10. Participating teams, please allocate your time reasonably. --xdsec
0x000
Level 1: Disable JavaScript locally and view the page source. The part the arrow points to is the encoded part, which is hex-encoded.
Decoding it gives key:f1rstpa5skey.
0x001
Level 2: Intercept the traffic locally and inspect the packets; they show that a cookie needs to be decoded.
It looks hex-encoded. Decoding it gives (zzbozxhuzg8wcm==), which is not the final result. That looks like Base64, and Base64-decoding it gives g0nextdo0r.
With the final cookie value, modify the local cookie and submit it to log into the system.
0x002
Level 3:
As prompted, modify the header to Content-language:en.
Resubmit and enter the system to get the key.
0x003
Level 4: The hint is "please login", so a login is required. Inspect the locally intercepted packets.
Try changing the cookie admin=0 to admin=1; the login succeeds.
0x004
Level 5: A login page with a password box; the password has to be cracked.
Check the bottom of the page source, where you can find a password dictionary.
Download it and load it into a cracking tool to run the passwords.
0x005
Level 6: Judging from the hint <!--tips:conn.inc-->, this level is probably about finding the Access data.
?? Needs further analysis!!
0x006
Level 7: Crack the password from the exported SAM entry:
H4CKER:1004:C4FB857DAAF137F088BE239044A684C5:4708EEA5CCA17F195EE8EACA40153F5B:::
Run it against your own rainbow tables.
The result is:
71dd0709187df68befd20973fc23f973
4708eea5cca17f195ee8eaca40153f5b
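What the SAM line in level 7 reveals before any cracking, as an added example that is not part of the original walkthrough: it parses the `user:rid:lm:nt:::` export format and reports, from well-known constant hashes alone, whether a weak LM hash is stored and which length class the password falls in. The function and constant names are this example's own.

```python
from __future__ import annotations
from dataclasses import dataclass

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_LM_HALF = EMPTY_LM[:16]                  # LM hash of one empty 7-byte half
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash (MD4) of an empty password

@dataclass
class SamEntry:
    user: str
    rid: int
    lm: str
    nt: str

def parse_pwdump(line: str) -> SamEntry:
    """Parse 'user:rid:lmhash:nthash:::' and validate both hash fields."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected user:rid:lm:nt:::")
    lm, nt = fields[2].lower(), fields[3].lower()
    for name, value in (("LM", lm), ("NT", nt)):
        if len(value) != 32 or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"{name} hash is not 32 hex characters")
    return SamEntry(fields[0], int(fields[1]), lm, nt)

def audit(entry: SamEntry) -> list[str]:
    """Return findings a defender can act on, without recovering the password."""
    findings = []
    if entry.nt == EMPTY_NT:
        findings.append("empty password")
    if entry.lm == EMPTY_LM:
        # Empty LM field: LM storage is off, or the password is blank or over 14 chars.
        return findings
    findings.append("LM hash stored: enable NoLMHash and reset this password")
    if entry.lm[16:] == EMPTY_LM_HALF:
        findings.append("password is at most 7 characters")
    else:
        findings.append("password is 8 to 14 characters, hashed as two independent halves")
    return findings

# The line quoted in this walkthrough.
SAMPLE = "H4CKER:1004:C4FB857DAAF137F088BE239044A684C5:4708EEA5CCA17F195EE8EACA40153F5B:::"

if __name__ == "__main__":
    entry = parse_pwdump(SAMPLE)
    print(entry.user, entry.rid, audit(entry))
```

Both LM halves of the sample are non-empty, which is why a rainbow-table lookup works on it: each half is an independent hash of at most 7 case-folded characters.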
0x007
Level 8: A login box; the login has to be bypassed.
Account: admin ' or ' = ' or '/**
Password: any input
You can then log in. It looks like a DVWA vulnerability practice environment.
0x008
Level 9: The hint says the key is the cleartext password for admin.
Use injection to get the admin password.
This gives:
N1md4
0x009
Level 10: Upload a PHP file. You need to intercept the request locally and modify the packet with 00 truncation before the upload succeeds.
The response then returns a key.