Welcome to TMUCTF 2021

Original writeup (https://hackingstudypad.tistory.com/94).https://github.com/ZishanAdThandar/pentest/blob/main/ctf/writeups/2023.imaginaryctf.org/README.mdhttps://www.youtube.com/watch?v=ZMf_ztvfNrE

Original writeup (https://www.youtube.com/watch?v=ZMf_ztvfNrE).# Login

![](img/chal.png)

Challenge [Link](http://3.142.122.1:8889/)

There is a login Portal.

![](img/1.png)

I put `admin::admin` as username:password, they showing `Only for user:
din_djarin11`.We got username.

![](img/0.png)

Let's check the source code.

![](img/02.png)

From the sourcecode, we know there is a function called `checkIt()` also
source is from `main.js`. let's check it.

![](img/2.png)

In the source code we get `MD5` hashed password string
`9ef71a8cd681a813cfd377817e9a08e5`. Let's crack it here i used
[crackstation](https://crackstation.net/) website.

![](img/3.png)

So we got username and password that is `din_djarin11::ir0nm4n`. Once we login
we get a file to download named `ir0nm4n`, we get our from that file.

![](img/flag.png)

```SHELL{th1s_i5_th3_wa7_845ad42f4480104b698c1e168d29b739}```  

Original writeup (https://github.com/an0n4ce/CTF-Write-Ups/tree/master/SHELL-
CTF-21/Login/README.md).https://github.com/EffectRenan/CTF/tree/TJCTF_2020/web/Login

Original writeup
(https://github.com/EffectRenan/CTF/tree/TJCTF_2020/web/Login).> Navigating to the address shows us a login page requesting a password.

![image](https://user-
images.githubusercontent.com/68913871/132793106-24c74cd9-77bf-49e0-ba97-c73d1e938137.png)

> View page source, we can see that the page uses php.

```html  
<link rel="stylesheet" type="text/css" href="style.css">  
<title>Login Page</title>  
<form class="box" action="login.php" method="get">  
<h1>Welcome to TMUCTF 2021</h1>  
<h3>Just login and get the flag:</h3>  
<input type="password" name="password" placeholder="Password">  
<input type="submit" value="Login" />  
</form>  
```

> Navigate to /robots.txt

```txt  
if (isset($_GET["password"])) {  
if (hash("md5", $_GET["password"]) == $_GET["password"]) {  
echo "<h1>Here is the flag:</h1>" . $flag;  
} else {  
echo "Try harder!";  
}  
}  
```

> The approach to this challenge is adapted from a similar challenge from
> another CTF shown in [this writeup](https://ctftime.org/writeup/12065).

> Here, we see a vulnerability. The comparison in the if condition is done
> with `==` instead of `===`. This mean that the comparison returns true also
> if both strings are scientific number, so we just need to find a string
> which hash is like: `0e + some digits`.

> The following is a python script taken
> [here](https://github.com/bl4de/ctf/blob/master/2017/HackDatKiwi_CTF_2017/md5games1/md5games1.md),
> which uses bruteforce to give us the required string: `0e215962017`

```python  
#!/usr/bin/env python  
import hashlib  
import re

prefix = '0e'

def breakit():  
iters = 0  
while 1:  
s = prefix + str(iters)  
hashed_s = hashlib.md5(s).hexdigest()  
iters = iters + 1  
r = re.match('^0e[0-9]{30}', hashed_s)  
if r:  
print "[+] found! md5( {} ) ---> {}".format(s, hashed_s)  
print "[+] in {} iterations".format(iters)  
exit(0)

if iters % 1000000 == 0:  
print "[+] current value: {} {} iterations, continue...".format(s, iters)

breakit()  
```

> Entering the string as the password gave us the flag since the statement `if
> (hash("md5", $_GET["password"]) == $_GET["password"])` will equate to true.

`TMUCTF{D0_y0u_kn0w_7h3_d1ff3r3nc3_b37w33n_L0053_c0mp4r150n_4nd_57r1c7_c0mp4r150n_1n_PHP!?}`

Original writeup
(https://github.com/Rookie441/CTF/blob/main/Storage/Writeups/TMUCTF2021_Writeup.md#login).