Skip to content

Write UP - Langskip

Django - guessable token

Write UP - Langskip

Projet de Side Quest pour l'Ecole 2600
0xL4ughCTF
0xL4ughCTF
- OSINT
  OSINT
- Reverse Engineering
  Reverse Engineering
  - L4ugh CTF 2024 : easylogin
- Crypto
  Crypto
  - RSA GCD
- Web
  Web
  - L4ugh CTF 2024 : Micro
404CTF
404CTF
- Forensic
  Forensic
  - Le tir aux logs
- Pwn
  Pwn
  - Pseudoverflow
- Steganographie
  Steganographie
  - L'absence
- Web
  Web
AmsiCTF
AmsiCTF
- Crypto
  Crypto
  - Destruction
  - Prime suspects
BITskriegCTF
BITskriegCTF
- Pwn
  Pwn
  - MogamBro's Certainty Principle
- Reverse
  Reverse
  - Baby-rev
Bluehens
Bluehens
- Crypto
  Crypto
  - XS6 - CTR mode is just XOR
BraekerCTF
BraekerCTF
- Pwn
  Pwn
  - Embryobot
- Reverse
  Reverse
  - Binary shrink
- Web
  Web
  - Empty-execution
  - Stuffy
BreizhCTF
BreizhCTF
- Web
  Web
  - NginFail
CatTheFlag
CatTheFlag
- Web
  Web
  - Infection Web 1
CryptoHack
CryptoHack
DefCampCTF
DefCampCTF
- Crypto
  Crypto
  - ctr
GlacierCTF
GlacierCTF
- Blockchain
  Blockchain
  - GlacierCTF 2024 - Frozen in time
GreHackCTF
GreHackCTF
- Pwn
  Pwn
  - BabyPwn
HTB
HTB
- Box
  Box
  - Blue
- Crypto
  Crypto
  - Exciting Outpost Recon
- WEB
  WEB
  - Dynamic path
Hackday qualifs
Hackday qualifs
- Crypto
  Crypto
  - Baby Crypto
- Forensic
  Forensic
  - Baby Forensic
  - Blueprint Mirage
- MISC
  MISC
  - The Trap Fish
- Reverse
  Reverse
  - Oh my PAM
Hacktheboo
Hacktheboo
- Crypto
  Crypto
  - Hybrid Unifier
Hackvens
Hackvens
- Forensics
  Forensics
  - Analyse me
HeroCTF
HeroCTF
- Pwn
  Pwn
  - Heappie
- Crypto
  Crypto
  - HeroCTF v6 - Halloween
  - HeroCTF v6 - Interpolation
JerseyCTF
JerseyCTF
- MISC
  MISC
- OSINT
  OSINT
PatriotCTF
PatriotCTF
- Misc
  Misc
  - Let's play hide & seek
  - Making Baking Pancakes
PurplePillCTF
PurplePillCTF
- Crypto
  Crypto
  - Legend
Ringzer0CTF
Ringzer0CTF
- Web
  Web
WOCSA
WOCSA
- Web
  Web
  - CSRF multiple vulnerabilities
  - Django - guessable token Django - guessable token
    Table of contents
    
    Description
    
    Enoncé
    
    Solution détaillée
    
    Exploitation
    
    PoC
    
    Risk
    
    Remediation
  - IDOR
  - RCE through Deserialization
  - SQL Injection
  - Django - SSTI
  - XSS from Tutorial Title
  - XXE
  - Django debug port active
  - Predictable Reset Token

Django - guessable token

Description

Write Up: Guillaume
Créateur: WOCSA
Difficulté: Inconnu

Enoncé

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

Solution détaillée

Exploitation

We can bruteforce or guess the HS256 secret and craft own token, who lead to ATO

PoC

We found is the secret is purple1 with the tool hashcat

Risk

Weak secret lead to ATO and broke the entire authentification system, attacker can delete, modify and take over the any user

Remediation

Use a cryptographic secure secret