SecBlog

A Simple b(log) of interesting things

Freelancer

Name : Freelancer
tags : web
Solved: 06 July 2021

Intro

A message from creater : “Can you test how secure my website is? Prove me wrong and capture the flag!”


Solution

We are presented with a website, Lets run gobuster on it.

We find following interesting directories

  - /administrat  : presents a login form
  - /mail      : contains contact_me.php file which yields 500 Internal error.

Analyzing the source for main page reveals a link portfolio.php?id=1.

We run sqlmap and see that parameter id is injectible.


Alright, we extract the Database name : freelancer below

Image3


Dumping tables of DB freelancer


The safeadmin table looks interesting, lets dump its content.

Above we extracted the password hash, but i was unable to break it. So moving on.


Moving ahead, while further bruteforing the /administrat directory, panel.php was found


When we try to access panel.php, we are redirected to the index page. Lets read it’s code using sqlmap


In the panel.php, we find our flag.

That is the challenge !


« Back