PDA

View Full Version : CTP Registration Challange 1



Hackuin
06-26-2011, 01:16 AM
I was actually bored, and started listening to Heavy Metals, and after few hours or soo, I got bored of it too, and the time I was listening to Black Metals (http://www.youtube.com/watch?v=jXUhTR3Dt0M) , something black flashed to ma mind, and that was CTP Registation Challange 1. Lolz... I loaded my beautiful "gedit" with "#!/bin/bash" and ended with....




#!/bin/bash

#: CTP Regestration Challange1 :/

clear
cd /tmp

URL=http://www.fc4.me/index.php #: Declaring variable for getting source files
URL1=http://www.fc4.me/fc4.js


wget $URL #: Geting the files
wget $URL1


VUL1=`cat index.php |grep srvstr |cut -c 29-54` #: prashing the file for required strings

VUL2=`cat fc4.js |grep hex |cut -c 59-94`

VUL3=`printf "%b\n" "$VUL2"`

ANS="$VUL3$VUL1"


#: Now we get the MD5 digest for the required string

wget "http://scriptserver.mainframe8.com/md5.php?phrase=$ANS&button=MD5+encode"

vulstring=`cat md* |grep stro | cut -c 12-43`


echo -e "&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&"
echo
echo -e "srvstr value for you is: $VUL1"
echo -e "Hex value in js file is: $VUL2"
echo -e "Security String = $vulstring"
echo
echo -e "&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&"

#: Lulz


Exploit Code Not People!!


-Hackuin.

Anant Shrivastava
06-26-2011, 01:48 AM
well there is a next step involved in it too.....

took something like 2 minutes to get passed the check....

however the actual question is does cracking this registration check means you are ready for the training .

I think not .......

Hackuin
06-26-2011, 01:57 AM
Lulz.

You didn't got it mate.
why is this in Linux Shell / Bash Programming section ?

Anant Shrivastava
06-26-2011, 02:00 AM
Lulz.

You didn't got it mate.
why is this in Linux Shell / Bash Programming section ?
I got your intentions buddy however i missed checking the place of posting and by accident posted a question which was in my mind the day i got that CTP strings.

Hackuin
06-26-2011, 03:04 PM
It is very common practice of mine, 4/5 years back, where I used to spend my time, learning and completing challenges at Hackthissite (http://www.hackthissite.org/), and at playing war-games at rootthisbox, after completing all the challenges, I used to start over again with different approach, especially at Application Missions/Challenges (http://www.hackthissite.org/missions/application/). And this thing, believe me or not, makes you very confident about the concept and makes you learn clearly. Because, you already have a solutions, but, you are looking to accomplish it with different approaches, and with again makes you learn/understand concepts draw-backs/advantages with a particular approach.