Websocket SQLi and Weak JWT Signing Key - "Bug Report Repo" [INTIGRITI 1337UP LIVE CTF 2023]
- Published 20 Jul 2024
- Video walkthrough for "Bug Report Repo", a web challenge I made for the @intigriti 1337UP LIVE CTF 2023. The challenge had multiple parts; first you need to use an IDOR to find a hidden bug report from ethical_hacker. Next, you exploit SQL injection over websocket protocol (either with custom script, or modified proxy for SQLMap). Once you find creds in the DB for the hidden endpoint, you log in to find only the admin can read the config. Since the server uses JWT-based authentication, you crack the HS256 signing key with a tool like jwt_tool/hashcat/john, and then forge a new token with the username "admin". Now you just need to swap the cookies to find your flag! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #INTIGRITI #CTF #Web #BugBounty
Full writeup: github.com/Crypto-Cat/CTF/blo...
↢INTIGRITI 1337UPLIVE CTF↣
ctftime.org/event/2134
ctf.intigriti.io
/ discord
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forensics
Decompile Code: www.decompiler.com
Run Code: tio.run
↢Chapters↣
0:00 Start
0:44 Explore functionality
1:37 Tamper with requests (IDOR)
2:20 Identify SQLi
3:25 Modify websocket SQLi proxy
4:50 SQLMap (proxied via burp suite)
6:16 Explore hidden endpoint
7:55 Crack JWT token with jwt_tool
8:46 Forge new token to login as admin
9:52 End
4:20 I meant the other way round xD this challenge used SQLite instead of MySQL!
Thanks for the idea of brute forcing the signature key, that's helped me
Perfect! Welcome 💜
Great video bro 😊
Thanks mate 🥰
Awesome challenge :O
ty 💜
Dope shit, homie
👊
Actually, you don't need to use middleware; sqlmap supports web sockets. Great writeup tho
Oh wow, really.. Did you solve this one with SQLMap, without the middleware? Don't think it worked for me 🤔
Thank you for the video. However, I would like to see more videos that include all of the categories listed above. XD
I'm gonna make some more, any challs in particular?
@_CryptoCat I have done all the challenges in the warm-up category. But in other categories of the challenge, I can't solve even one. Because I have just started CTF for 4 months. I watched all your walk-through videos to learn.
@BabeRyHellCat No problem! I'm gonna try and release a video per day (alternating on my channel and intigriti's) for at least the next week, maybe longer if they are getting a good reception 😊
@_CryptoCat thank you so much ❤️
As a beginner I found this challenge hella hard, any tips to improve on this category of challenges?
It's a very niche topic and definitely takes some time, I made an "intro to pwn" series which might help: ua-cam.com/video/wa3sMSdLyHw/v-deo.html
Where can I find this challenge, because the CTF has ended, right? So have you uploaded this CTF anywhere?
Should still be up: ctf.intigriti.io/challenges