Saturday 6 June 2020

HSCTF 7 (web : Debt Simulator) Writeup

I visited the Page which looked like this: 

First i tried out what the website is doing.
When I clicked on the button, it adds or subtracts a value and show how much I won or lost.

Next I opened the developer tools went to the network tab and reloaded the website.
When I then clicked the button, I saw a request is being sent to https://debt-simulator-login-backend.web.hsctf.com/yolo_0000000000001.


I opened this page and it showed me a response from a request.



The content of this response were a functions parameter with a list that contained 'getPay',
'getCost' and 'getgetgetgetgetgetgetgetgetFlag'.
The last one seemed really suspicious to me.
Then I started Burpsuite, opened a new project and went to the first URL again.
When I now clicked the button, Burp intercepted the request and 
I saw 'function=getPay' at the bottom.


After changing getPay to getgetgetgetgetgetgetgetgetFlag 


I forwarded the request and went back to the website.


There we have our flag =) 

No comments:

Post a Comment

CTF's What are they and Why should you care ?

Capture The Flag events aka CTFs Capture the flag competitions are an excellent way to get started with hacking. Ctfs are organized by vario...