The following is a walk through to solving root-me.org’s web server challenges (work in progress).
HTMLAs always, check the source code for the password.
nZ^&@q5&sjJHev0
Command Injection127.0.0.1;cat index.php
flag: S3rv1ceP1n9Sup3rS3cure
Open RedirectCheck source code. You can see that when an option is selected, you are redirected to, for example, https://facebook.com&h=………. We need to figure out what the value followed by ‘&h=’ is so we can structure our redirect url accordingly. Using an online md5 hash to text converter, we see the value represents the hashed value of the particular url. MD5 hash ‘https://google.com’ and note the value. Start tamper data and click the facebook link. Edit the url so the website redirects to ‘?url=https://google.com&h=<MD5hash of https://google.com>’ instead of facebook. Then submit the page.
e6f8a530811d5a479812d7b82fc1a5c5
User-AgentUser tamper data to change the user-agent from it’s original value to ‘admin’.
rr$Li9%L34qd1AAe27 HTTP Directory IndexingClue: Control + U
<!– include(“admin/pass.html”) –>
Navigate to:
http://challenge01.root-me.org/web-serveur/ch4/admin/pass.html
J’ai bien l’impression que tu t’es fait avoir / Got rick rolled ?
