Username: 
Password: 
Restrict session to IP 

Challenge: Credit Card Challenge Pwned! Help Board  Go to the Credit Card Challenge Pwned! challenge

Global Rank: 170
Totalscore: 115606
Posts: 166
Thanks: 162
UpVotes: 119
Registered: 16y 35d
Z`s Avatar



Last Seen: 210d 16h
The User is Offline
Challenge: Credit Card Challenge Pwned! Help Board
Google/translate1Thank You!2Good Post!0Bad Post! link
This challenge is an offline challenge. This means you need a working
apache + mysql + php environment to solve this challenge. The checking
of the solutions is offline as well. I hate it, but can't do any
application which could check every solution properly. If anyone
has any idea for an online solution checker, let me know Smile

If you have no apache + mysql + php environment, I suggest to use xampp on
Windows and Linux, and mamp on Mac. After downloading them you can setup a
working environment in minutes. But solving the challenge needs some more
time. Start mysql, open a command window, cd xampp/mysql/bin, run mysql.exe
with mysql -u root (-p if you have set already password)


Copy pastable SQL commands (please see comments below):

GeSHi`ed SQL code
1
2
3
4
56
7
8
9
1011
CREATE USER 'www-user2'@'localhost' IDENTIFIED BY 'secure_password12'; 
CREATE DATABASE test;
USE test;
CREATE TABLE not_important_table (id INT, name VARCHAR(500));
INSERT INTO not_important_table VALUES(1,'test'); 
CREATE TABLE credit_card(id INT, cc_number BIGINT,cvv INTEGER);
INSERT INTO credit_card VALUES(1,1111222233334444,321);
INSERT INTO credit_card VALUES(2,1234567890123245,963);
commit;GRANT SELECT ON test.* TO 'www-user2'@'localhost';


---------------------------------------------------------------------------
-

Comments:
First you have to setup an admin password for mysql, then login to it with
> mysql -u root -p
after that create a user with:
> create user 'www-user2'@'localhost' identified by 'secure_password12';
and create a database with
> create database test;
change database:
> use test;
create table:
> create table not_important_table (id int, name varchar(500));
and insert a row into it :
> insert into not_important_table values(1,'test');

create the credit card table and insert some data
> create table credit_card(id int, cc_number biginteger,cvv integer);
> insert into credit_card values(1,1111222233334444,321);
> insert into credit_card values(2,1234567890123245,963);
> commit;
grant privileges:
> grant select on test.* to 'www-user2'@'localhost';


Start the apache web server and you can access the query.php via the
webserver like http://127.0.0.1/query.php
Now you can test on your own environment.
Good luck and don't forget to block every incoming connection to your whole
test environment, except localhost Smile

Update: mysql_connect was removed in PHP 7.0.0, please use older version of PHP or refactor the scripts to use mysqli_* functions.
Last edited by Z - May 27, 2018 - 13:17:05
Global Rank: 514
Totalscore: 48400
Posts: 18
Thanks: 11
UpVotes: 12
Registered: 11y 352d

Last Seen: 5y 195d
The User is Offline
RE: Challenge: Credit Card Challenge Pwned! Help Board
Google/translate1Thank You!0Good Post!1Bad Post! link
edit: Sorry was a bit overhasty there ;)
Last edited by SleepProgger - Apr 15, 2012 - 13:02:48
Global Rank: 319
Totalscore: 72307
Posts: 25
Thanks: 22
UpVotes: 17
Registered: 10y 176d



Last Seen: 2y 62d
The User is Offline
RE: Challenge: Credit Card Challenge Pwned! Help Board
Google/translate1Thank You!1Good Post!0Bad Post! link
I'm just starting to crack this problem, but it's not hints I want. I want to tell you my idea for testing solution in auto mode, no more manual checking. Well from time to time it's ok to have some manual maintenance Smile.

My idea consists in using a headless web browser to check the solution. The idea is that the headless web browser can access the link that you would access by hand, run the attacker's payload and then close. If the payload was good then the attacker obtains the values he wants in it's logger. One more thing. The machine where the headless browser will run inside the intranet so it can access:

GeSHi`ed Plaintext code
1
http://very-secure-intranet.local/query.php


Here you can find more info about a headless web browser written in Python (PySide/PyQt, WebKit)
GeSHi`ed Plaintext code
1
https://github.com/makinacorpus/spynner


Usage example:
GeSHi`ed Plaintext code
1
https://github.com/makinacorpus/spynner/blob/master/src/spynner/tests/spynner.rst


I never used Spynner, but I found it while I tryed to find info about Python and Webkit integration when I was considering writing a bare bone headless web browser by myself.

I hope it helps.
Redknee, ckclark, tunelko, silenttrack, n0tHappy, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 29058 times.