October 26, 2022 at 8:39 AM
thanks

October 26, 2022 at 9:25 AM
Very thanks u. Good hint

October 26, 2022 at 9:39 AM
Awesome!

October 26, 2022 at 10:11 AM
Thanks

October 26, 2022 at 10:49 AM
For forensics challenge I wouldn't suggest using Ghidra (unless you're a gigachad GURU). If you run "strings [BAD FILE]" you can sniff that it's compiled with some Python flavor, prob "pyinstaller" or something.
You can decompile this ELF file into a .pyc, and then to a py, check this article out https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc
You only have to figure out the "bad MAGIC NUMBER" errors if they appear to you, and check out these tools: https://github.com/zrax/pycdc OR https://github.com/extremecoders-re/pyinstxtractor

October 26, 2022 at 10:57 AM
(October 25, 2022, 01:47 PM)nirs Wrote:
(October 25, 2022, 01:37 PM)11231123 Wrote:
For web challenge:
POST /api/getfacts
{ "type":true }
why does it work?

For me, the JSON data types (string, number, object, array and boolean) would need to match. Initially I tried the string "admin" which gave an error, I then tried boolean, which as indicated above works.

October 26, 2022 at 11:06 AM
thanks....

October 26, 2022 at 11:21 AM
(October 25, 2022, 01:05 PM)Hacker2222 Wrote:
plz discuss day 4 challenges here
reversing challenge: cheers :D

October 26, 2022 at 11:24 AM
Thanks

October 26, 2022 at 11:25 AM
(October 26, 2022, 10:57 AM)am9obi1 Wrote:
(October 25, 2022, 01:47 PM)nirs Wrote:
(October 25, 2022, 01:37 PM)11231123 Wrote:
For web challenge:
POST /api/getfacts
{ "type":true }
why does it work?

For me, the JSON data types (string, number, object, array and boolean) would need to match. Initially I tried the string "admin" which gave an error, I then tried boolean, which as indicated above works.

It's actually pretty simple: PHP's switch case does not check for type equality. It just thinks any string equals the boolean "true", similar to how "1" also equals "true" in many languages. However, before that switch statement, a type-sensitive check is done for "secret" using three equality signs. So if we put in "true", the first check fails (the one that makes sure only localhost can access the data), but the switch case still accepts the input for any string. And since "secret" is the first case, that's the one that triggers for "true".
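
The behaviour described in the reply above, as an added example that is not part of the thread and is not the challenge's source: a constructed PHP handler with a strict `===` gate followed by a loosely compared `switch`, next to a hardened version. The function names, the `public` case, the return strings and the client address are assumptions; it needs PHP 8 for `mixed` and `match`.

```php
<?php
// Constructed example: function names, the "public" case and the return
// strings are assumptions, not the challenge's code.

function getFactsVulnerable(mixed $type, string $remoteAddr): string
{
    // Strict (===) gate: only the exact string "secret" is tied to localhost.
    if ($type === 'secret' && $remoteAddr !== '127.0.0.1') {
        return 'denied';
    }
    // switch compares with ==. Boolean true == any non-empty string,
    // so true skips the gate above and still lands on the first case.
    switch ($type) {
        case 'secret':
            return 'secret facts';
        case 'public':
            return 'public facts';
        default:
            return 'unknown type';
    }
}

function getFactsHardened(mixed $type, string $remoteAddr): string
{
    // Validate the JSON type before comparing anything.
    if (!is_string($type)) {
        return 'invalid type';
    }
    // match compares with ===, and the access check sits in the same branch
    // that returns the protected data, so the two cannot disagree.
    return match ($type) {
        'secret' => $remoteAddr === '127.0.0.1' ? 'secret facts' : 'denied',
        'public' => 'public facts',
        default  => 'unknown type',
    };
}

// Constructed request bodies, sent from a non-local documentation address.
$bodies = ['{"type":"public"}', '{"type":"secret"}', '{"type":true}'];
foreach ($bodies as $body) {
    $type = json_decode($body, true)['type'] ?? null;
    printf("%-20s vulnerable=%-14s hardened=%s\n", $body,
        getFactsVulnerable($type, '203.0.113.7'),
        getFactsHardened($type, '203.0.113.7'));
}
```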