Challenge Name: Easy Message
I Have a Message for you.
Easy Message » CyberTalents → The Challenge link :)
I checked the page source of the target website, but found nothing interesting. :)
I will take a look at the /robots.txt file. Just a hint for you: always check this file, because sometimes it contains important information.
So, I found a path in the robots.txt file called /?source. Let's try accessing this path and see where it directs us!
Yeah, okay, we got some simple PHP code, which is:
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
include('db.php');
if ($user == base64_decode('Q3liZXItVGFsZW50') && $pass == base64_decode('Q3liZXItVGFsZW50'))
{
success_login();
}
else {
failed_login();
}
?>
1. Retrieving User Input:
$user = $_POST['user'];
$pass = $_POST['pass'];
- This code retrieves the username and password entered by a user from an HTML form using the POST method. $_POST['user'] stores the submitted username, and $_POST['pass'] stores the submitted password.
2. Including External File (db.php):
include('db.php');
This line includes a separate PHP file (db.php), which might contain database connection details or additional functions that are needed for the script to run.
3. Base64 Decoding and Credential Check:
if ($user == base64_decode('Q3liZXItVGFsZW50') && $pass == base64_decode('Q3liZXItVGFsZW50'))
Let's decode these two values using our Kali terminal:
So the decoded string is "Cyber-Talent".
4. Login Success or Failure:
success_login();
If the user provides the correct username and password (both "Cyber-Talent"), this function (likely defined in the db.php file) will be called, indicating a successful login.
failed_login();
If the credentials don't match, the failed_login() function is called, indicating a failed login attempt.
So the Base64-encoded value 'Q3liZXItVGFsZW50' = "Cyber-Talent".
Let's try to log in with these credentials.
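Base64 is an encoding, not a secret: anyone who can read the source can reverse it, which is why the credentials above fell out in one step. As an added example (not part of the original write-up or the challenge), here is a small Python check of the kind a code reviewer could run over their own PHP source to flag base64_decode() calls on string literals and show what they decode to. The function name find_encoded_literals and both regexes are assumptions made for this illustration; the sample input is the challenge code shown earlier on this page.

```python
import base64
import binascii
import re

# base64_decode('...') or base64_decode("...") called on a string literal.
LITERAL_CALL = re.compile(r"""base64_decode\(\s*(['"])([A-Za-z0-9+/=]+)\1\s*\)""")
# A comparison operator right before the call suggests a hardcoded secret check.
COMPARED = re.compile(r"(===|==|!==|!=)\s*$")

def find_encoded_literals(php_source):
    """Return one finding per base64_decode() call on a readable literal."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for match in LITERAL_CALL.finditer(line):
            literal = match.group(2)
            try:
                decoded = base64.b64decode(literal, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not valid Base64 text, nothing readable to report
            findings.append({
                "line": lineno,
                "literal": literal,
                "decoded": decoded,
                "compared": bool(COMPARED.search(line[:match.start()])),
            })
    return findings

# Sample input: the challenge source from this page.
SAMPLE = """<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
include('db.php');
if ($user == base64_decode('Q3liZXItVGFsZW50') && $pass == base64_decode('Q3liZXItVGFsZW50'))
{
success_login();
}
else {
failed_login();
}
?>"""

if __name__ == "__main__":
    for f in find_encoded_literals(SAMPLE):
        kind = "compared to input" if f["compared"] else "decoded literal"
        print(f"line {f['line']}: {f['literal']} -> {f['decoded']!r} ({kind})")
```

Any hit marked "compared to input" is a credential that belongs out of the source, stored as a password hash rather than a reversible encoding.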
So, here’s the message we need to analyze, and we need to figure out what kind of encoding it is. Let’s Google it and see what we find. Here is the message:
..-. .-.. .- --. -.--. .. -....- -.- -. ----- .-- -....- -.-- ----- ..- -....- .- .-. ...-- -....- -- ----- .-. ... ...-- -.--.-
I’ll ask ChatGPT, and I found that this message is written in Morse code. Let’s decode it using ChatGPT as well :)
The message you provided is written in Morse code. Let’s decode it:
..-. .-.. .- --. -.--. .. -....- -.- -. ----- .-- -....- -.-- ----- ..- -....- .- .-. ...-- -....- -- ----- .-. ... ...-- -.--.-
Decoding the provided Morse code:
Let’s break it down:
..-. = F
.-.. = L
.- = A
--. = G
-.--. = ( (opening parenthesis)
.. = I
-....- = - (dash)
-.- = K
-. = N
----- = 0 (zero)
.-- = W
-....- = - (dash)
-.-- = Y
----- = 0 (zero)
..- = U
-....- = - (dash)
.- = A
.-. = R
...-- = 3
-....- = - (dash)
-- = M
----- = 0 (zero)
.-. = R
... = S
...-- = 3
-.--.- = ) (closing parenthesis)
FLAG(I-KN0W-Y0U-AR3-M0RS3)
So, let’s submit it and see if it’s correct or if ChatGPT was just joking with us :(
Yes, it’s right! Congrats, we solved the challenge! :)
“Success is no accident. It is hard work, perseverance, learning, studying, sacrifice, and most of all, love of what you are doing or learning to do.” — Pelé