Saturday, January 27, 2018

[MSCS] Lucky Draw 50pts-Writeup [/WEB]

After the competition started (about 9:03 min), the first challenge came out: a reversing challenge (crackme1). I looked at that challenge but I couldn't handle it. While I was trying to solve it, one of my team members told me there was another challenge, a web challenge (Lucky Draw, 50 pts). I quickly opened the challenge link. The challenge description says:




Now, testing time!
After I opened the challenge link:



The challenge source code is also provided. Cool!

 





Here is the code logic of that challenge.

On line 36, the variable "number" is initialized from user input; if the user input is not a number, "number" is set to 0.
On line 37, the variable "random" is generated with the PHP rand function, between 1000 and 10000.
On line 38, the generated random value is compared with the user's input number.
If they are equal, we get the flag!

There is one catch: you can't predict the random number generated by the rand function, but you can brute force with one fixed number ;)
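Why resubmitting one fixed number works, and what a limit on attempts would change, shown as a local simulation. This is an added example, not the challenge's source code or the command used in this write-up. The input-parsing rule, the inclusive bounds and the `cap` parameter are assumptions for illustration.

```python
import random

LOW, HIGH = 1000, 10000      # range the write-up gives for rand()
OUTCOMES = HIGH - LOW + 1    # 9001 values, assuming both bounds are inclusive

def parse_number(raw: str) -> int:
    """Assumed input handling: anything that is not all digits becomes 0."""
    return int(raw) if raw.isascii() and raw.isdigit() else 0

def draw(raw: str, rng: random.Random) -> bool:
    """One request: a fresh random value is compared with the submitted number."""
    return parse_number(raw) == rng.randint(LOW, HIGH)

def p_win_within(attempts: int) -> float:
    """Chance that at least one of `attempts` independent requests matches."""
    return 1 - (1 - 1 / OUTCOMES) ** attempts

def requests_until_win(guess: str, rng: random.Random, cap=None):
    """Resubmit one fixed guess; return the winning request number, or None
    if a (hypothetical) per-client attempt cap is reached first."""
    n = 0
    while cap is None or n < cap:
        n += 1
        if draw(guess, rng):
            return n
    return None

if __name__ == "__main__":
    rng = random.Random(2018)  # constructed seed, for a repeatable run
    runs = [requests_until_win("2222", rng) for _ in range(100)]
    print("mean requests to win, no cap:", sum(runs) / len(runs))
    for n in (5, 1000, 9001, 30000):
        print(f"P(win within {n} requests) = {p_win_within(n):.4f}")
    capped = sum(requests_until_win("2222", rng, cap=5) is not None
                 for _ in range(2000))
    print("wins among 2000 clients capped at 5 tries:", capped)
```

Every request is an independent 1-in-9001 draw, so the choice of number does not matter as long as it lies in the range; only the number of requests a client is allowed to make does.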

So, let's pick a lucky number.
First, I took 2222 as my lucky number and tried to brute force with the curl command.
Check the command in the pic below.




Note: "gp" is the "grep" command.

After 2 min, we still couldn't see the flag.

I tried changing the number from "2222" to "8085".

And I got the flag.



See! We successfully submitted the correct value twice within two minutes.



This was the first challenge that I solved in MCSC2018.
We were also the first team to solve that challenge, so we got another bonus (1 point).



I want to say thank you to Ko Min Ko Ko who created this challenge.
