
I'm doing a cyber challenge, and I'm on the first challenge

Thread replies: 23
Thread images: 1

I'm doing a cyber challenge, and I'm on the first challenge and I'm already out of my depth.

I'm not even sure where to begin desu.

I need to log into a local site using credentials that are sent over an insecure HTTP connection, using POST and GET.

The challenge is hosted locally on my machine, which means I can't sniff someone logging into it and steal credentials that way.

I have inspected the source code and I can't see any php, despite the file name being login.php

Like I said I'm pretty out of my depth. It's just a CTF challenge, I'm not asking for help hacking an actual site.
>>
Set up Wireshark? Show us source code
>>
>>59247434

wireshark snifffffffffffffffffffffffffffffffffffffffffffff braaaaaaaaaaaaaaaappppppppffffztzzzzzzzzzzz
>>
>>59247458
We don't get access to the actual source; the "view page source" in a browser is all I can find, and it's missing the PHP.

It's a VM set up as the web server that you don't get the login for, so it runs in the background and just serves.
>>
>>59247434
>I have inspected the source code and I can't see any php,

You only see the HTML generated by the PHP. The idea is probably for you to enter some malformed input which will cause the PHP to spit out a password or whatever.
>>
>>59247464
What will wireshark show me if I'm entering the wrong details?
>>
>>59247486
Of course it's missing the PHP in this way; go read an introduction to PHP. PHP is a backend language which is never served to the frontend (your view page source thingy).
>>
>>59247486
Type 'or 1 = 1 into both fields
>>
>>59247543
I mean ' or 1=1

Alternatively " or 1=1

Not sure but the whitespace is also key
>>
>>59247502
Makes sense. I assumed, since I can see the POSTs and GETs in Firebug, that it would be attached to the front end.

I've tried to submit a GET using developer mode to ask for the password and email, that did nothing.
>>
>>59247566
I don't understand this
>>
>>59247772
read a book you lazy cunt
>>
>>59247790
What on, exactly? What is it you're trying to get me to do? An SQL exploit? Is this a way to retrieve the user name and password via PHP?
>>
>>59247790
This
>>
>>59247872
If you don't understand this you're not fit to take the goddamned challenge.
>>
>>59248207
this
>>
>>59248207
Yeah I can appreciate that. But what am I even supposed to look up to find this out?
>>
>>59247434
>I have inspected the source code and I can't see any php

If you pop a line like that you shouldn't even be doing the challenge; everyone knows that PHP source cannot be seen from the browser.
>>
>>59248242
Intro to CS
Intro to webdev
>>
>>59248242
The 1 or 1 thing is checking for susceptibility to an SQL injection
>>
>>59248282
Oh ok how does it do that? What is the purpose of feeding it that?
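
Added example, not part of the original thread or the challenge's code: a login check that builds its SQL by string concatenation next to one that uses placeholders, run against the string quoted above. The SQLite backend and the table, column and account names are assumptions made for the illustration.

```python
import sqlite3

PROBE = "' or 1=1"  # the exact string quoted in the thread

def make_db():
    # Constructed sample data; table and column names are assumptions.
    # Plaintext password only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice@example.test', 'correct-horse')")
    return db

def build_concat_sql(email, password):
    # Vulnerable pattern: form values are pasted into the SQL text, so a
    # quote character in the input ends the string literal early.
    return ("SELECT email FROM users WHERE email = '" + email +
            "' AND password = '" + password + "'")

def run(db, sql, params=()):
    # 'ok' = a row matched, 'denied' = no row, 'sql-error' = the database
    # could not parse the statement (the input changed its structure).
    try:
        row = db.execute(sql, params).fetchone()
    except sqlite3.Error:
        return "sql-error"
    return "ok" if row else "denied"

def login_concat(db, email, password):
    return run(db, build_concat_sql(email, password))

def login_param(db, email, password):
    # Hardened pattern: placeholders send the values separately from the
    # SQL text, so quotes in the input are compared as plain characters.
    return run(db, "SELECT email FROM users WHERE email = ? AND password = ?",
               (email, password))

if __name__ == "__main__":
    db = make_db()
    cases = [("alice@example.test", "correct-horse"),
             ("alice@example.test", "wrong"),
             ("o'brien@example.test", "wrong"),  # harmless apostrophe
             (PROBE, PROBE)]
    for email, pw in cases:
        print(repr(email), "concat:", login_concat(db, email, pw),
              "param:", login_param(db, email, pw))
    print(build_concat_sql(PROBE, PROBE))
```

Any response other than a plain "denied" to a quote character means the input reached the SQL parser, which is what the probe checks for. The placeholder version gives the same "denied" for every wrong input.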
>>
>the story of OP: a dumb cunt tries a challenge
>>
>>59248436
Yeah pretty much mate
This is a 4chan archive - all of the content originated from that site.