DefendTheWeb Playground Challenge Library Gateway

DefendTheWeb.net, previously called HackThis.co.uk, is a very famous and well-known interactive security platform where you can learn and challenge your skills.. It contains challenges from several different cybersecurity fields.

I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest. (although easy and hard will be different depending on your skillset and field of expertise).

As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it, however I will post my way (or ways) of getting there. This is done in respect of the website’s security and non-disclosure policy, even when it doesn’t have one ;).

Challenge Library Gateway / Realistic

This challenge is rated as realistic, so it should be a bit more difficult to solve. This time the author only gives us a description followed by a “[ Library Gateway ]” button:

One of my school chums has got in a spot of bother with their school library. They borrowed a book a long time back and is getting frequent letters asking for the money that he owes for the overdue book. He is a bit on the poor side and doesn’t have the money to pay the library. Here is the link to the librarians site, please help.

After clicking on the buttom are sent to a page with a small message and a Login link:

Clicking on the Login link we are sent to another Username and Password site, which seems to be the real Library:

Inspecting this site with our Google Chrome Dev Tools (F12) we find this script:

Notice that after the username and password variables the script looks for it in the “members/” directory. Let’s try to access that directory:

Notice now that we have loads of files as the web server is allowing directory indexing. I tried to click all the files but to no avail, no information could be found, but if we get back to our script code found in the login page we notice that the authentication is done by:

URL= "members/" + username + " " + password + ".htm";

Therefore, we already have a list of users and passwords (i.e. username = anna, password = god). Notice that we also have the librarian credentials, which should be the highest user. And that is indeed the thing, if we try librarian user, we are done with the challenge.

And there you have it, I hope you liked this one. See you in the next one challenge!

Related posts