In my last blog post I stated that I was going to start showing my solutions to web app security questions.
My first solution will be from the OWASP Hackademic Challenges Project – Challenge 1.
Below is the scenario:
Our agents (hackers) informed us that there reasonable suspicion that the site of this Logistics Company is a blind for a human organs’ smuggling organisation.
This organisation attracts its victims through advertisments for jobs with very high salaries. They choose those ones who do not have many relatives, they assasinate them and then sell their organs to very rich clients, at very high prices.
These employees are registered in the secret files of the company as “special clients”!
One of our agents has been hired as by the particular company. Unfortunately, since 01/01/2007 he has gone missing.
We know that our agent is alive, but we cannot contact him. Last time he communicated with us, he mentioned that we could contact him at the e-mail address the company has supplied him with, should there a problem arise.
The problem is that when we last talked to him, he had not a company e-mail address yet, but he told us that his e-mail can be found through the company’s site.
The only thing we remember is that he was hired on Friday the 13th!
You have to find his e-mail address and send it to us by using the central communication panel of the company’s site.
Entering the Logistics Company I am presented with the following:
As you can see we need to find the code and password. Looking at the page really doesn’t give us anything to work with.
Next I look at the page source to look at the code. Maybe there are some goodies here!
Well look at what we have here. Looking at the end of the first line we see that the font color is #FFFFFF = white. Inside this white color font it has white and rabbit. Let’s see if this is the code and password.
After entering our information we’re logged into the portal of Greek Logistics Company.
Looking at the left side we see the send e-mail option. We will use this later as we need to send an email to find our captured friend.
Let’s look at the mailbox special client’s mailbox.
We see that there are five clients at Greek Logistics Company. Let’s look at the frame source on the Special Clients’ Mailbox and see what we get.
What do we have here? there’s a secret_area_ directory… Let’s see what’s in this directory.
Going to the secret_area_ directory there’s two files. A mails.gif file and a mails.txt. Our mission is to find the email of our friend so we can email them. That will probably be in the mails.txt file.
Opening the mails.txt file we see a list of email addresses. Re-reading the scenario we know that our friend went MIA on Friday the 13th. Looking at the list of emails one of them jumps out: Jasson Killer Friday13@JasonLives.com. Let’s use this email address and see if can connect with out kidnapped friend.
Going back to the secret area portal, we go to the send e-mail link:
Pressing send we get the following:
Yay! We were able to complete the challenge and able to contact our kidnapped friend.
- Even though the code and password were obscured by setting the text to white, this still didn’t stop us from gaining entry to the portal. When you’re unsure on how to proceed, look at the page source. Unfortunately, developers leave a lot of gems that should not be there.
- Once we gained entry into the secret portal. We looked at the frame source, and noticed a secret directory. Again, the developers left valuable gems for us to continue
- Finally when we went to Apache server we noticed two files. Looking at the scenario we were able to skip the first file as it was just a gif. The second file was what we were after… it had the list of email addresses
- Opening this file and re-reading the scenario we were able to find that the email address we wanted was from Jason (Friday the 13th).
Whenever you’re stuck- ALWAYS LOOK AT THE PAGE SOURCE! 🙂