Initial Observations: A simple login page; let’s see what it hides.
Tools Used
Burp Suite
Web Inspect
Solution Steps
Let’s enter random data and see what we get.
I tried ssss, 1234 and got Log In Failed
Let’s look at the request in Burp Suite and learn how the credentials are handled.
Intercept the request, then pass it to the Repeater. You can see one JavaScript file called `secure.js` and the script that checks the username and password and validates the credentials:

```javascript
// Allow only ASCII digits (48-57), upper-case (65-90) and lower-case (97-122) letters.
function filter(string) {
  filterPassed = true;
  for (let i = 0; i < string.length; i++) {
    cc = string.charCodeAt(i);
    if ((cc >= 48 && cc <= 57) || (cc >= 65 && cc <= 90) || (cc >= 97 && cc <= 122)) {
      filterPassed = true;
    } else {
      return false;
    }
  }
  return true;
}

// The submitted values are echoed back into the page's script.
window.username = "ssss";
window.password = "1234";

usernameFilterPassed = filter(window.username);
passwordFilterPassed = filter(window.password);

if (usernameFilterPassed && passwordFilterPassed) {
  // checkPassword() is not defined here; it is loaded from secure.js.
  loggedIn = checkPassword(window.username, window.password);
  if (loggedIn) {
    document.getElementById('msg').innerHTML = "Log In Successful";
    document.getElementById('adminFormHash').value = "2196812e91c29df34f5e217cfd639881";
    document.getElementById('hiddenAdminForm').submit();
  } else {
    document.getElementById('msg').innerHTML = "Log In Failed";
  }
} else {
  document.getElementById('msg').innerHTML = "Illegal character in username or password.";
}
```
3. **Inspecting the code**
With the credentials I submitted I got `Log In Failed`, so the `checkPassword` function is what causes this. But where does this function come from? Let's check the `secure.js` file.
4. **Inspecting the js file**
First of all, how can I see this file? Let's use Web Inspect and look at the Sources tab, which contains the website's files. Here we go.
Now let's try this.
5. **Getting the flag**
By submitting with the found credentials we get the flag.
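
The login falls because the whole decision, `checkPassword` included, is delivered to the browser in `secure.js`. As an added example (not part of the original write-up or the challenge's code), the same decision made on the server with Node's built-in `crypto` module looks like this; the account, its password, the `users`/`sessions` stores and the function layout are constructed for illustration.

```javascript
// Added example: server-side login check (Node.js). All names and values are hypothetical.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Same character allow-list as the page's filter(), re-applied on the server
// because a browser-side check can simply be skipped. Empty input is rejected too.
function filter(string) {
  if (typeof string !== 'string' || string.length === 0) return false;
  for (let i = 0; i < string.length; i++) {
    const cc = string.charCodeAt(i);
    const alnum = (cc >= 48 && cc <= 57) || (cc >= 65 && cc <= 90) || (cc >= 97 && cc <= 122);
    if (!alnum) return false;
  }
  return true;
}

// Store only a per-user salt and a slow hash, never the password itself.
function makeRecord(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, 32) };
}

// Constructed sample account; a real deployment would load records from a database.
const users = new Map([['admin', makeRecord('Constructed1Passw0rd')]]);
// Dummy record so unknown usernames cost the same work as known ones.
const dummy = makeRecord(randomBytes(16).toString('hex'));
const sessions = new Map(); // token -> username

// Server-side replacement for the browser's checkPassword(): the client learns
// only the outcome and, on success, an unguessable per-login token.
function checkPassword(username, password) {
  if (!filter(username) || !filter(password)) {
    return { ok: false, msg: 'Illegal character in username or password.' };
  }
  const record = users.get(username) || dummy;
  const candidate = scryptSync(password, record.salt, 32);
  const ok = timingSafeEqual(candidate, record.hash) && users.has(username);
  if (!ok) return { ok: false, msg: 'Log In Failed' };
  const token = randomBytes(32).toString('hex');
  sessions.set(token, username);
  return { ok: true, msg: 'Log In Successful', token };
}
```

The per-login random token takes the place of a fixed value such as the `adminFormHash` string hardcoded in the page's script, which every visitor can read.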
---