AmazingCryptoWAF -
Рет қаралды 7,801
Күн бұрынCheck how the challenge was created on @LiveOverflow channel:
• Design Flaw in Securit...
📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
This video is a solution of Amazing Crypto WAF challenge from ALLES! CTF. The task was created by one of the most popular KZfaqrs in our industry - LiveOverflow. The solution involved bypassing WAF (Web Application Firewall), exploiting blind SQL injection and decrypting the flag.
Exploit code:
gist.github.com/gregxsunday/6...
🖥 Get $100 in credits for Digital Ocean 🖥
m.do.co/c/cc700f81d215
Follow me on twitter:
/ gregxsunday
Timestamps:
00:00 Intro
00:47 See how the challenge is built
01:40 Detecting the SQL injection
03:20 Bypassing the WAF
05:30 Constructing the SQL query
06:33 Decrypting the flag
08:14 Exfiltrating the data using blind SQL injection
#ctf #writeup
@BugBountyReportsExplained 2 жыл бұрын
Welcome to the comment section! I hope you enjoyed the video. If you did, make sure to like it 👍 and subscribe to the channel: kzfaq.info
@kh0kh0 2 жыл бұрын
Great explanation!! You could combine binary search and Limit
@kh0kh0 2 жыл бұрын
But it would overcomplicate solution even more.
@kh0kh0 2 жыл бұрын
Oh i think I am wrong. I believe you can't get better solution that yours because binary search would still need 6 queries to extract 7 letters so it's just a 7/6 times speedup.
@BugBountyReportsExplained 2 жыл бұрын
Nice! I think it would be an improvement. In the worst complexity not but if we take 3 tests per character as an average , it gives us 200*3 = 600 tests but we can do 7 tests in 1 request so 600/7 ~= 86 requests compared to my 200. It is also possible to limit the number of requests prior the attack. 64 notes is enough as base64 charset only uses 64 characters. But I'd have to add more logic to the SQL query because those are not siblings in the ascii table. There might also be a possibility to extract more data using OFFSET clause.
@georgehammond867 2 жыл бұрын
Well done dude, was not easy challenge.
@chaysx177 2 жыл бұрын
amazing, well done!
@BugBountyReportsExplained 2 жыл бұрын
Thank you! Cheers!
@cyberbytes6653 2 жыл бұрын
Really interesting. Great work.
@BugBountyReportsExplained 2 жыл бұрын
Many thanks!
@rafajanicki2456 2 жыл бұрын
Awesome video :) No doubt you have some really l33t skills :D
@BugBountyReportsExplained 2 жыл бұрын
Thanks 😁
@saketsrv9068 2 жыл бұрын
You are such a genuis guy...
@BugBountyReportsExplained 2 жыл бұрын
haha I'm not. It's nothing more than experience
@twobob 2 жыл бұрын
good effort.
@BugBountyReportsExplained 2 жыл бұрын
Thanks 👍
@danielgrunberger2621 2 жыл бұрын
So you point his video and he point yours. lol. cool video bro :)
@BugBountyReportsExplained 2 жыл бұрын
thanks ;)
Bug Bounty Reports Explained
Рет қаралды 6 М.
Bug Bounty Reports Explained
Рет қаралды 4,7 М.
Bug Bounty Reports Explained
Рет қаралды 14 М.
Скажи Гордеевой
Рет қаралды 622 М.
freeCodeCamp.org
Рет қаралды 1,9 МЛН
Bug Bounty Reports Explained
Рет қаралды 4,2 М.
Bug Bounty Reports Explained
Рет қаралды 15 М.
Bug Bounty Reports Explained
Рет қаралды 4,3 М.
STICKY Art Shorts
Рет қаралды 1,7 МЛН
Immersed
Рет қаралды 3,3 МЛН
Blueberry Lutein
Рет қаралды 268 М.