SwampCTF 2019 Writeups


DataVault

Description

Andrew, a data courier and PHP diehard, has secret data that he can’t have falling into the ZaibatsuCorp’s hands. Fortunately, we’ve established an online datalink with his wetware.

We’ve exposed the module’s access interface here: chal1.swampctf.com:1233

Can you bypass his CraniumStorage security module before he wakes up?

-= Created by andrewjkerr =-

Solution

Accessing the provided link, the following page is shown:

When Submit was pressed, a POST request was sent to the server containing:

password=yourinput

After playing around a bit, we discovered that we could break the application by passing an array as the password.

password[]=

This means that strcmp was returning NULL (with a warning) when asked to compare an array to a string, and type juggling probably came into play when that result was loosely compared to 0, making NULL==0 true.

Flag: flag{wHy_d03S-php_d0-T41S}
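The comparison described above, shown as a weak check beside a hardened one. This is an added example, not the challenge's source code (which the writeup never saw); the function names and the secret are hypothetical.

```php
<?php
// Constructed secret for the demo; the real challenge value is unknown.
const SECRET = 'constructed-demo-secret';

// Weak form: loose == on strcmp()'s result. On PHP < 8, strcmp() given an
// array emits a warning and returns NULL, and NULL == 0 is true.
function check_weak($input): bool
{
    try {
        return @strcmp($input, SECRET) == 0;
    } catch (TypeError $e) {
        // PHP 8+ throws a TypeError instead of returning NULL,
        // so the array input no longer passes this check.
        return false;
    }
}

// Hardened form: reject anything that is not a string before comparing,
// then use hash_equals() for a constant-time, type-strict comparison.
function check_hardened($input): bool
{
    if (!is_string($input)) {
        return false;
    }
    return hash_equals(SECRET, $input);
}

// Constructed inputs mirroring password=yourinput and password[]=
// (PHP parses password[]= into an array holding one empty string).
$cases = [
    'wrong string'        => 'yourinput',
    'array (password[]=)' => [''],
    'correct string'      => SECRET,
];

foreach ($cases as $label => $input) {
    printf("%-22s weak=%s hardened=%s\n", $label,
        var_export(check_weak($input), true),
        var_export(check_hardened($input), true));
}
```

On PHP 7 the array row prints weak=true and hardened=false; on PHP 8 both are false because strcmp() raises a TypeError.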
