Router-UI | Google CTF 2018

Google CTF 2018

Router-UI

Using the domain found on the hardened aluminum key, you make your way on to the OffHub router. A revolutionary device that simplifies your life. You’re at the UI page, but attempting to brute force the password failed miserably. If we could find an XSS on the page then we could use it to steal the root user session token. In case you find something, try to send an email to wintermuted@googlegroups.com. If you claim your link includes cat pictures, I’m sure Wintermuted will click it. I hope Chrome’s XSS filter will not block the exploit though.

https://router-ui.web.ctfcompetition.com/

You can find all my CTF solutions here.

 

XSS stands for cross-site scripting. The challenge text gives us this clue about the website's weakness.

When we open the website, we see the window below.

Try with:

username: test

password: testpassword

The output is:

We can use this POST request.

I wrote some scripts for the XSS vulnerability.

Your domain must have an SSL certificate, because Google Chrome blocks http:// requests, so your domain must be served over https://.

badlogin.html

 

badphp.php

 

badjs.js

After that, I sent an e-mail to wintermuted@googlegroups.com:

“Please visit https://www.[YOURDOMAIN].com/badlogin.html for cat picture”

After 1 minute, I checked logbad.txt and found the session cookie.

/badphp.php?flag=Try%20the%20session%20cookie;%20session=Avaev8thDieM6Quauoh2TuDeaez9Weja

I added this cookie in Chrome.

When I reloaded the page, I was logged in to the website. When I looked at the password field's value with the inspector, I found the flag.

 

<input type="password" value="CTF{Kao4pheitot7Ahmu}">

CTF{Kao4pheitot7Ahmu}
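The logged `session=` value shows the token was readable from script running in the page. As an added example (not part of the original writeup), this Node.js check audits a `Set-Cookie` header for the attributes that restrict that; the function names and header strings are constructed for illustration.

```javascript
// Added example: audit a Set-Cookie header for attributes that limit
// session-token theft. All header values below are constructed samples.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1), // value may itself contain '='
    attrs: {},
  };
  for (const a of attrs) {
    if (!a) continue; // tolerate a trailing ';'
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase(); // attribute names are case-insensitive
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function auditSessionCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  // Without HttpOnly, injected script can read the token from document.cookie.
  if (!c.attrs.httponly) findings.push('missing HttpOnly: readable via document.cookie');
  // Without Secure, the browser may send the token over plain HTTP.
  if (!c.attrs.secure) findings.push('missing Secure: may be sent over plain HTTP');
  const sameSite = String(c.attrs.samesite || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') {
    findings.push('SameSite not Lax/Strict: cookie sent on cross-site requests');
  }
  return { name: c.name, findings };
}

// Constructed sample headers: a weak one and a hardened one.
const weak = 'session=CONSTRUCTED_TOKEN; Path=/';
const hardened = 'session=CONSTRUCTED_TOKEN; Path=/; HttpOnly; Secure; SameSite=Strict';

console.log(auditSessionCookie(weak));
console.log(auditSessionCookie(hardened));
```

HttpOnly only keeps the token out of script; the reflected input still needs output encoding to remove the XSS itself.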

 
