Web 200 - Nevernote
Upon visiting the IP given, we encounter a login page. After making a user and messing around with the site for a while, we made a few discoveries.
First, there were two major functions:
Message sending between users
Note keeping for user accounts
Each type had its own webpage, but displayed the information relatively the same way. They also retrieved information in the same way: using a long hash of some kind, ex:
OGYwH6NoIW8tFXlruRu5Byd%2BA33Wl7C8s%2BTyZ0yza983uclRUJJwGUU1xRm1AYxNsFxBJXN0eim7vXNC0BJBnLGooE%2F3K5HFZys35A90XFEYuGfMN0EMoJwMADyivk1h7Gi%2FnQINWjGTqfX0OpFU0wHQr9FeD2Bi%2F6p0USZ7Ync%3D
The two pages were viewmessage.php and editnote.php.
From what we could tell, the content of the message did not change the hash in any way. From this we assumed that the hash was related to its index or similar.
The next thought we had was to see if the messages and notes were stored in the same places. After copying the hash from the first of my notes and pasting it into the messages, I was able to see a message I hadn't seen before and a list of notes that didn't belong to me. So we continued following down that rabbit hole. After a couple iterations of doing the same thing, selecting from the new list of notes every time and moving the hash to messages, we managed to reach a note at:
http://128.238.66.214/editnote.php?enc=RXva4Bedh28rj7XYepKAh1Sj47N1bgLUn7kebksH5IFpb7yq4NYgfZ4tYfX%2FfeZjKGGsnKDwDa17zWxKfSVeUBeSEqbh%2FqeM3QBg61r58tl%2FK%2FLKY1JBou0VgoMMdLB6%2Bf5Tf8YWzxTfvGxrvr877Mx%2Be1tnzIYZm2Xp3SM4t7Q%3D
The note was titled key and the body of the note said:
key{akjdsf98LolCats234lkas0!#@%23Ferrari134545!@#250saDucati9dfL$Jdc09234lkjasf}
And there it was.
#winning
-shdwstrk
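Added example, not part of the original write-up or the challenge's code: the note reference above was accepted by viewmessage.php and exposed data belonging to other users, so this Python example shows a reference that is bound to its object type and owner and is rejected anywhere else. The key, the field names and the functions issue_ref, resolve_ref, tamper and demo are assumptions for illustration; the challenge server's real token format is not shown on the page.

```python
import base64, hashlib, hmac, json

# Constructed demo key (assumption); a real service loads this from a secret store.
SECRET = b"constructed-demo-key"

def _tag(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).digest()

def issue_ref(kind: str, object_id: int, owner: str) -> str:
    """Opaque reference bound to object type, id and the user allowed to see it."""
    body = json.dumps({"id": object_id, "k": kind, "u": owner}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(_tag(body) + body).decode()

def resolve_ref(token: str, expected_kind: str, session_user: str):
    """Return the object id, or None if the token is forged, for another page, or another user."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:                      # malformed base64
        return None
    tag, body = raw[:32], raw[32:]
    if not hmac.compare_digest(tag, _tag(body)):
        return None                         # modified or not issued by this service
    claims = json.loads(body)
    if claims["k"] != expected_kind:
        return None                         # note reference sent to the message page
    if claims["u"] != session_user:
        return None                         # reference lifted from another account
    return claims["id"]

def tamper(token: str) -> str:
    """Flip one bit in the signed body to simulate an edited reference."""
    raw = bytearray(base64.urlsafe_b64decode(token.encode()))
    raw[-2] ^= 1
    return base64.urlsafe_b64encode(bytes(raw)).decode()

def demo() -> dict:
    note_ref = issue_ref("note", 7, "alice")    # constructed sample values
    return {
        "owner, note page": resolve_ref(note_ref, "note", "alice"),
        "owner, message page": resolve_ref(note_ref, "message", "alice"),
        "other user, note page": resolve_ref(note_ref, "note", "mallory"),
        "edited token": resolve_ref(tamper(note_ref), "note", "alice"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the first case resolves; the same reference presented to the other page, by another session, or after modification returns None.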