HellBoundHackers Basic Web Hacking Challenge 5

HellBoundHackers, or simply HBH, is a well-known website built around security challenges. It contains challenges from several different cybersecurity fields.

I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest (although easy and hard will be different depending on your skillset and field of expertise).

As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it; however, I will post my way (or ways) of getting there. This is done in respect of the website’s security and non-disclosure policy, even when it doesn’t have one ;).

Web Hacking Challenge 5

This time the author provides us with a lot of information, followed by two input fields, a “Username:Password” field and an “E-mail” field, each with its own submit button. The instruction is:

Welcome to Asterix-Protect

Asterix-Protect is an email search system that uses this new type of Asterix database to match your search and uses the same type of form like a login. And Asterix-Protect its a login system which also uses this advanced type Asterix database to match your username:password, this is a project that just started… If something is wrong or you have found a bug in our product, please contact us at problems@Asterix-Protect.org.

So I guess now we just need to find either a Username:Password or an E-mail. Let’s use our Google Chrome Dev Tools (F12) to check the code to see if we can find something interesting.

Notice that the Username:Password input field is validated by the “25.php” file, and the “Search an E-mail:” field is validated by the “24.php” file. Accessing these files directly will give us an error. Also notice that the code snippet contains the comment “<!--attention admin: * is a wildcard -->”. So “admin” is probably the user we were looking for; let’s find the password.

When trying to include “*” in the E-mail search field, this is what we get:

Error 2231:username=* and password=*

We couldn’t match your search, please check your spelling or the email doesnt exist

We also receive an error trying the email given in the description “problems@Asterix-Protect.org”. I’ve also tried “*@*” in email, and “*:*” in username:password field, to no avail.

Finally, if we try “*@*:*” in the username:password field, replacing the “.” in the email with a “:”, it works. There we have it. Not as straightforward as I would want, but …
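The source comment says * is a wildcard, and the input that worked is consistent with the server treating submitted text as a pattern rather than a literal value. The sketch below is an added example, not the challenge's server code (which the page never shows): a simplified Python model of that class of flaw next to a hardened check. The account, salt and function names are constructed, and the rule that usernames look like e-mail addresses is an assumption.

```python
import fnmatch
import hashlib
import hmac

# Constructed sample account; not taken from the challenge.
USER, PASSWORD = "admin@example.test", "correct-horse-example"
SALT = b"constructed-salt"

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

PLAINTEXT_DB = {USER: PASSWORD}       # what the flawed design has to keep
HASHED_DB = {USER: _kdf(PASSWORD)}    # what the hardened design stores
_DUMMY = _kdf("unused")               # compared against for unknown users

def login_vulnerable(submitted: str) -> bool:
    """Flawed: the client-supplied string is used as a glob pattern
    against each stored 'user:password' record."""
    user_part, sep, _ = submitted.partition(":")
    # Assumption: usernames must look like e-mail addresses.
    if not sep or "@" not in user_part:
        return False
    return any(fnmatch.fnmatchcase(f"{u}:{p}", submitted)
               for u, p in PLAINTEXT_DB.items())

def login_hardened(submitted: str) -> bool:
    """Exact username lookup, then a constant-time comparison of password
    hashes. '*' is just another character here."""
    user, sep, password = submitted.partition(":")
    if not sep:
        return False
    expected = HASHED_DB.get(user)
    # Always run the KDF and the comparison so unknown users cost the same.
    matches = hmac.compare_digest(_kdf(password), expected or _DUMMY)
    return matches and expected is not None

if __name__ == "__main__":
    for attempt in ("*@*:*", "*:*", f"{USER}:wrong", f"{USER}:{PASSWORD}"):
        print(f"{attempt!r:45} vulnerable={login_vulnerable(attempt)} "
              f"hardened={login_hardened(attempt)}")
```

The fix is structural: user input is only ever a value that gets looked up and compared, never the pattern that does the matching.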

See ya in the next challenge.
