Hello everyone.
I am Noman from Knight Squad. This article is the beginning of a series of cyber security posts where I will share my knowledge about hacking by CTF (Capture the Flag) walkthroughs. A CTF is a game that lets you learn to hack in a safe, rewarding environment.
Today I will write about Hacker101 Micro-CMS v1 CTF and will find the Flag0. So lets get started.
I have found below hints in this challenge.
- Try creating a new page
- How are pages indexed?
- Look at the sequence of IDs
- If the front door doesn’t open, try the window
- In what ways can you retrieve page contents?
First I copied the micro-CMS link and visited the website. I got three links / pages by opening Micro-CMS V1:
I visited these three links and noticed that I can create/edit pages and also can use markdown in page. So I created a page by clicking the “Create a new page” link. After creating the page, the system redirected me to my new page. When I was on my new page I noticed that I have an ID for my page and that is 12.
It is interesting that there are now three pages (like below) and why my page ID is 12 ! Its should be 3.
- Testing
- Markdown Test
- CyberIdiot – Page
So, I thought I should tamper the page ID to see what’s going on. I changed the page ID from 12 to 11 and got a “Not Found” page. So this page does not exist. I reduced the page ID one by one and noticed that when I used 7 in the page ID I got a “Forbidden” page. It’s interesting, isn’t it?
This page may exist but I can’t see it. So what should I do now? I visited my new page and clicked the “Edit this page” link to get the edit page. Now I have changed the page ID from 12 to 7 and boom, this load the page 7 with my flag0.
I copied the flag and submitted it to Hacker 101 site. Isn’t it easy and fun? Give it a try now.
I hope you have enjoyed the walkthrough. Don’t forget to share your thoughts and feedback in the comment section.