
Le tir aux logs


Description

Write Up: Guillaume
Creator: @ElPouleto
Difficulty: Very easy
Points: 100
Flag format: 404CTF{}


Challenge statement


Detailed solution

Here are the logs to analyze:

37.19.205.203 - - [19/Feb/2024:14:38:03 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.203 - - [19/Feb/2024:14:38:13 -0500] "GET /index.php?username=admin&password=admin123 HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.203 - - [19/Feb/2024:14:38:13 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.232 - - [19/Feb/2024:15:17:28 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.232 - - [19/Feb/2024:15:17:42 -0500] "GET /index.php?username=alice&password=securepzss HTTP/1.1" 200 548 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.232 - - [19/Feb/2024:15:17:48 -0500] "GET /index.php?username=alice&password=securepass HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/index.php?username=alice&password=securepzss" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.232 - - [19/Feb/2024:15:17:48 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/index.php?username=alice&password=securepzss" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.17 - - [19/Feb/2024:15:34:20 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.17 - - [19/Feb/2024:15:34:29 -0500] "GET /index.php?username=cam&password=KOKVr8Kw4pahwrAp4pWv77i1IOKUu+KUgeKUuw== HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.17 - - [19/Feb/2024:15:34:29 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.10 - - [19/Feb/2024:16:19:50 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.10 - - [19/Feb/2024:16:20:05 -0500] "GET /index.php?username=john_doe&password=password123 HTTP/1.1" 302 787 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.10 - - [19/Feb/2024:16:20:05 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.230 - - [19/Feb/2024:16:21:31 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.230 - - [19/Feb/2024:16:21:47 -0500] "GET /index.php?username=alice&password=securepass HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.230 - - [19/Feb/2024:16:21:47 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.108 - - [19/Feb/2024:16:34:20 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.108 - - [19/Feb/2024:16:34:29 -0500] "GET /index.php?username=toto&password=toto123 HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.108 - - [19/Feb/2024:16:34:29 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.103 - - [19/Feb/2024:17:18:48 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.103 - - [19/Feb/2024:17:18:59 -0500] "GET /index.php?username=nana&password=P4ssw0rd: HTTP/1.1" 200 548 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.103 - - [19/Feb/2024:17:19:16 -0500] "GET /index.php?username=nana&password=P4ssw0rd! HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/index.php?username=nana&password=P4ssw0rd!" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.103 - - [19/Feb/2024:17:19:16 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/index.php?username=nana&password=P4ssw0rd:" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.213 - - [19/Feb/2024:18:33:40 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.213 - - [19/Feb/2024:18:33:49 -0500] "GET /index.php?username=dominique&password=4pSs4pSA4pSs44OOKCDCuiBfIMK644OOKQ== HTTP/1.1" 302 787 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.213 - - [19/Feb/2024:18:33:49 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.16 - - [19/Feb/2024:18:47:28 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.16 - - [19/Feb/2024:18:47:42 -0500] "GET /index.php?username=cam&password=KOKVr8Kw4pahwrAp4pWv77i1IOKUu+KUgeKUux== HTTP/1.1" 200 548 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.16 - - [19/Feb/2024:18:47:48 -0500] "GET /index.php?username=cam&password=KOKVr8Kw4pahwrAp4pWv77i1IOKUu+KUgeKUuw== HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/index.php?username=cam&password=KOKVr8Kw4pahwrAp4pWv77i1IOKUu+KUgeKUux==" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.16 - - [19/Feb/2024:18:47:48 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/index.php?username=cam&password=KOKVr8Kw4pahwrAp4pWv77i1IOKUu+KUgeKUux==" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:22:54 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:23:02 -0500] "GET /index.php?username=admin&password=admin HTTP/1.1" 200 548 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:25:43 -0500] "GET /index.php?username=+%27OR+%27a%27%3D%27a&password=test HTTP/1.1" 200 548 "http://www.inscription_tir_arc.com/index.php?username=admin&password=admin" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:25:53 -0500] "GET /index.php?username=+%22OR+%27a%27%3D%27a&password=test HTTP/1.1" 200 662 "http://www.inscription_tir_arc.com/index.php?username=+%27OR+%27a%27%3D%27a&password=test" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:28:10 -0500] "GET /index.php?username=admin%22+AND+password+LIKE+%27a%25%27%23&password= HTTP/1.1" 200 531 "http://www.inscription_tir_arc.com/index.php?username=+%22OR+%27a%27%3D%27a&password=test" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:28:21 -0500] "GET /index.php?username=admin%22+AND+password+LIKE+%27a%25%27%23&password=test HTTP/1.1" 200 662 "http://www.inscription_tir_arc.com/index.php?username=admin%22+AND+password+LIKE+%27a%25%27%23&password=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:28:44 -0500] "GET /index.php?username=admin%27%23&password=test HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/index.php?username=admin%22+AND+password+LIKE+%27a%25%27%23&password=test" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

146.70.147.101 - - [19/Feb/2024:19:28:44 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/index.php?username=admin%22+AND+password+LIKE+%27a%25%27%23&password=test" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.9 - - [19/Feb/2024:19:31:02 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.9 - - [19/Feb/2024:19:31:27 -0500] "GET /index.php?username=john_doe&password=password123 HTTP/1.1" 302 787 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.9 - - [19/Feb/2024:19:31:28 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.205 - - [19/Feb/2024:19:32:12 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.205 - - [19/Feb/2024:19:32:19 -0500] "GET /index.php?username=admin&password=admin123 HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.205 - - [19/Feb/2024:19:32:20 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.108 - - [19/Feb/2024:19:34:20 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.108 - - [19/Feb/2024:19:34:29 -0500] "GET /index.php?username=toto&password=toto123 HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.108 - - [19/Feb/2024:19:34:29 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.232 - - [19/Feb/2024:19:43:17 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.232 - - [19/Feb/2024:19:43:22 -0500] "GET /index.php?username=alice&password=securepass HTTP/1.1" 302 783 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

190.2.155.232 - - [19/Feb/2024:19:43:22 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.8 - - [19/Feb/2024:19:44:40 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.8 - - [19/Feb/2024:19:43:49 -0500] "GET /index.php?username=john_doe&password=password123 HTTP/1.1" 302 787 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

169.150.218.8 - - [19/Feb/2024:19:43:49 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.206 - - [19/Feb/2024:20:14:20 -0500] "GET / HTTP/1.1" 200 531 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.206 - - [19/Feb/2024:20:14:29 -0500] "GET /index.php?username=admin&password=admin123 HTTP/1.1" 302 784 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

37.19.205.206 - - [19/Feb/2024:20:14:29 -0500] "GET /admin.php HTTP/1.1" 200 318 "http://www.inscription_tir_arc.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"

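This request:

GET /index.php?username=admin%27%23&password=test HTTP/1.1
is a SQL injection: URL-decoded, the username is admin'# (a quote that closes the string, then a # that comments out the rest of the query). It is the only injection attempt in the log answered with a 302, and it is immediately followed by a request to /admin.php.

It gives the flag: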

404CTF{http://www.inscription_tir_arc.com/index.php?username=admin%27%23&password=test}
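The same triage can be scripted. The following is an added example, not part of the original write-up: it parses access-log lines, URL-decodes the login parameters and flags values where a quote is followed by a SQL keyword or comment marker. The sample lines are excerpted from the log above with the referer and user-agent fields shortened; treating a 302 on /index.php as a successful login is an assumption drawn from the log pattern, and the function name and regex are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Excerpt of the log above; referer and user-agent replaced by "-" and "UA".
SAMPLE_LOG = '''\
190.2.155.230 - - [19/Feb/2024:16:21:47 -0500] "GET /index.php?username=alice&password=securepass HTTP/1.1" 302 784 "-" "UA"
37.19.205.17 - - [19/Feb/2024:15:34:29 -0500] "GET /index.php?username=cam&password=KOKVr8Kw4pahwrAp4pWv77i1IOKUu+KUgeKUuw== HTTP/1.1" 302 784 "-" "UA"
146.70.147.101 - - [19/Feb/2024:19:25:43 -0500] "GET /index.php?username=+%27OR+%27a%27%3D%27a&password=test HTTP/1.1" 200 548 "-" "UA"
146.70.147.101 - - [19/Feb/2024:19:28:21 -0500] "GET /index.php?username=admin%22+AND+password+LIKE+%27a%25%27%23&password=test HTTP/1.1" 200 662 "-" "UA"
146.70.147.101 - - [19/Feb/2024:19:28:44 -0500] "GET /index.php?username=admin%27%23&password=test HTTP/1.1" 302 784 "-" "UA"
'''

# Client IP, timestamp, method, request target, status (common/combined log format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')
# Heuristic: a quote followed by a SQL keyword or a comment marker.
SQLI_RE = re.compile(r"""['"]\s*(?:or\b|and\b|union\b|like\b|#|--|/\*)""", re.I)

def find_sqli(log_text, login_path="/index.php"):
    """Return one finding per login parameter whose decoded value looks like SQLi."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != login_path:
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            for value in values:
                if SQLI_RE.search(value):
                    findings.append({
                        "ip": ip, "time": ts, "param": name, "value": value,
                        "request": target,
                        # Assumption: 302 means the login was accepted.
                        "bypassed": status == "302",
                    })
    return findings

if __name__ == "__main__":
    for f in find_sqli(SAMPLE_LOG):
        tag = "BYPASS" if f["bypassed"] else "attempt"
        print(f'{tag:8} {f["ip"]} [{f["time"]}] {f["param"]}={f["value"]!r}')
```

Sorting the findings by source IP and time shows the progression from failed probes to the request that was accepted, which is the one the flag is built from.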