Cyber wargames web challenges

Abdulrahman-Kamel
3 min readAug 8, 2022

--

* * * Konan challenge * * *

This challenge contains login by username and OTP code
First, I sent an admin in user parameter

And I show the second request, it had oneparameter OTP

{“OTP”:”1234"}

I sent random characters. They failed and no brute force attack is allowed.
All responses {“errors”:true,”reason”:”Invalid OTP”}

I focused on the errors in response. It’s true by default, this means that the request has invalid OTP, but if I changed this response to {“errors”:false,”reason”:”Invalid OTP”} it may trick the applicaiton and bypass to internal panel.

Response manipulation attack scenarios are found on many websites in bug bounty programs.

Summarized steps:

1. Intercept the request
2. right click and chose Do intercept
3. click on Response to this request
4. Forward the request, response will be shown
5. Change erros true to false and forwared the response
{“errors”:false,”reason”:”Invalid OTP”}

You will be redirected to another path and bypass the admin

* * * Drunken developer challenge* * *

This challenge contains on login and reset password functionality

Brute force attack is not allowed

After I browsed this panel and analysed the HTML source code, I found this comment

<!-- Temp mail in development time wars_admin2@vistaemail.com -->

Did the developer forget this email while developing the application ? Anyway, I searched on Google for this temp mail I found one: https://tempmailid.com/

I went to reset my password, entered this email, after accessing the email, I found the reset password link was sent

I noticed It’s still working.

Thank you these were the challenges I developped for Arab secuirty cyber war games CTF. Another challenge of difficaulty level hard, would be found in the following link.

https://4bdoz.medium.com/exploit-sql-injection-and-bypass-captcha-with-sqlmap-81e6fa1d4cd8

--

--

Abdulrahman-Kamel
Abdulrahman-Kamel

No responses yet