/Phonebook-Challenge-HackTheBox

Walkthrough script for the Capture The Flag (CTF) "Phonebook" web challenge on the Hack The Box (HTB) website

Primary language: Python. License: Apache License 2.0 (Apache-2.0).

Phonebook Challenge HackTheBox

Script made for use in the Capture The Flag (CTF) "Phonebook" challenge on the Hack The Box website.

You can find this challenge at www.hackthebox.eu

The Phonebook challenge looks like this:

Challenge

When you press "Start", you are given an instance ip:port.

Web

The login form has a vulnerability to exploit: if you enter "*" as the username and "*" as the password, you bypass the login. On its own, though, this still won't get you the flag.

This script takes advantage of the vulnerability by sending, in each field, a candidate character followed by "*" and repeating until access is achieved, which recovers the user and password one character at a time (this will be the flag :) ).
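As an added example (not part of this repository's script), the Python model below shows why a login that accepts "*" also accepts a partial guess, next to a check that closes the hole and a filter that flags such attempts. It assumes the backend treats submitted values as match patterns, modelled here with `fnmatchcase`; the account, the IP addresses and all function names are constructed for illustration.

```python
import hmac
from collections import Counter
from fnmatch import fnmatchcase

# Constructed sample account; not data from the challenge.
ACCOUNTS = {"alice": "s3cret-Value"}

# Characters that a pattern-matching backend interprets instead of comparing.
WILDCARD_CHARS = set("*?[]")


def vulnerable_login(username: str, password: str) -> bool:
    """Models the flaw: user input is used as a match pattern, so "*" matches anything."""
    return any(
        fnmatchcase(user, username) and fnmatchcase(pw, password)
        for user, pw in ACCOUNTS.items()
    )


def hardened_login(username: str, password: str) -> bool:
    """Exact lookup plus constant-time comparison; input is never a pattern."""
    stored = ACCOUNTS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


def flagged_sources(requests_seen):
    """Count login attempts per source whose fields contain pattern metacharacters."""
    hits = Counter(
        src for src, user, pw in requests_seen if WILDCARD_CHARS & set(user + pw)
    )
    return dict(hits)


# Constructed login attempts: (source address, username field, password field).
SAMPLE = [
    ("192.0.2.10", "alice", "s3cret-Value"),
    ("198.51.100.7", "*", "*"),
    ("198.51.100.7", "alice", "s*"),
]

if __name__ == "__main__":
    print("vulnerable accepts */*:", vulnerable_login("*", "*"))
    print("hardened accepts */*:", hardened_login("*", "*"))
    print("flagged sources:", flagged_sources(SAMPLE))
```

The partial match on `"s*"` is what turns the bypass into a disclosure of the stored values, so a burst of wildcard-bearing attempts from one source is worth alerting on even when every attempt fails.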

Requirements

  • Linux

  • Python3.

  • Libraries:

    • Requests: pip install requests

Execution

  • Valid format:
python3 HTB_Phonebook_CTF.py ip:port/login

Example of a valid execution:

python3 HTB_Phonebook_CTF.py http://167.99.88.216:31427/login

Demonstration Result

Author ✒️

  • Jorge Manuel Lozano Gómez