Tag Archives: def.camp

Security Espresso – Challenge for def.camp tickets

I found the flag pretty easy but, sadly, out of 9 other people that solved it .. random.org did not like me that much :))

Here is a writeup for the challenge.

It all started with a FB post and a promise I made with myself .. never go to paid security conferences if I don’t get there by free  : and here it was .. a simple form:

First thing, first was to test with a random email and password so I can catch errors and so on. The first error was about a wrong username so I took the emails present on the same page and tried them until I found the correct one, then started hydra to brute force it (well, I haven’t seen the hints so I tried it with another dictionary at first).

hydra -l contact@security.security -P rockyou.txt -s 5000 http-post-form “/:email=^USER^&password=^PASS^&submit=fdf:F=Wrong password!” -vV -t 32 -f

After getting access to the system, there was a hint in the text itself so I tried to see a point so I can increase the level from 0 to 10 to see what happens. There were no endpoints so … hmm .. looked in the cookies, found one that was looking like an md5 string so I used a “decrypt” website and it was “0” … LOL, all I had to do was to md5(“10”) then replace the cookie content and that was all 🙂