🌐 Irish-Name-Repo 1

A detailed write-up of the Web challenge 'Irish-Name-Repo 1' from PicoCTF - 2019

[Image: Challenge Presentation]

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | PicoGym | Event Link |
| 🔰 Category | Web 🌐 | |
| 💎 Points | 500 | Out of 500 total |
| ⭐ Difficulty | 🟡 Medium | Personal Rating: 0/10 |
| 👤 Author | Chris Hensler | Profile |
| 🎮 Solves (At the time of flag submission) | 20.632 | solve rate |
| 📅 Date | 22-02-2025 | PicoGym |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

📝 Challenge Information

There is a website running at https://jupiter.challenges.picoctf.org/problem/50009/ (link) or http://jupiter.challenges.picoctf.org:50009. Do you think you can log us in? Try to see if you can login!

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]

Clicking on the hamburger menu, I found an interesting page for the admin login:

[Image: Menu]
[Image: Admin Login]

Here, I immediately thought of an SQL Injection, since inspecting the page source didn’t reveal anything interesting. Let’s move on to the exploitation phase.

PS: By the time I reached the third challenge in this series, I discovered there is a parameter in the form debug=0, which, when set to 1, shows the query… So always remember to inspect the page source.

🔬 Vulnerability Analysis

Potential Vulnerabilities

  • SQL Injection

🎯 Solution Path

Exploitation Steps

Initial setup

We have an admin username, which we found on the Support page from the menu seen earlier:

[Image: Support Page]

We can use this for a potential injection. Let’s move on to the exploitation phase.

Exploitation

The information gathered (about the admin user) turned out to be pretty useless, as it was a very simple SQL Injection. By entering the following in the username field:

' OR 1=1 -- 

I gained access and consequently obtained the flag.
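Why this payload gets past the login, and how a parameterized query stops it, shown as an added example that is not the challenge's code. The `users` table, its columns and the shape of the server-side query are assumptions, since the page does not show them.

```python
import sqlite3

def make_db():
    # Constructed sample data; the challenge's real schema is not on the page.
    # Plaintext password only to keep the example short (real systems hash).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, admin INTEGER)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed', 1)")
    return db

def build_query_concat(username, password):
    # Vulnerable pattern: user input is pasted into the SQL text itself.
    return ("SELECT * FROM users WHERE name='" + username +
            "' AND password='" + password + "'")

def login_concat(db, username, password):
    # Executes whatever SQL the concatenation produced.
    return db.execute(build_query_concat(username, password)).fetchone() is not None

def login_param(db, username, password):
    # Hardened form: placeholders keep the input as data, never as SQL syntax.
    row = db.execute(
        "SELECT * FROM users WHERE name=? AND password=?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 -- "  # the username value from the write-up
    # The quote closes the name literal, OR 1=1 makes the WHERE clause true
    # for every row, and -- comments out the password check.
    print(build_query_concat(payload, ""))
    print("concatenated query logs in:", login_concat(db, payload, ""))
    print("parameterized query logs in:", login_param(db, payload, ""))
    print("correct credentials still work:",
          login_param(db, "admin", "s3cret-constructed"))
```
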

Flag capture

[Image: Manual Flag]

🛠️ Exploitation Process

Approach

The automatic exploit sends a simple POST request with the payload username=' OR 1=1 -- and password=. Once access is granted, it extracts the flag from the response using a regex.

🚩 Flag Capture

Flag

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |

💡 Key Learnings

Time Optimization

When there’s a login in a blackbox challenge, always try an SQL Injection (unless there are things like an admin bot (XSS case) or JWT tokens).

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:01 | From start to flag |
| Global Ranking (At the time of flag submission) | | Challenge ranking |
| Points Earned | 500 | Team contribution |

Created: 22-02-2025 • Last Modified: 22-02-2025 • Author: mH4ck3r0n3 • Team: