Username: 
Password: 
Restrict session to IP 

Challenge: Credit Card Challenge Pwned! Help Board  Go to the Credit Card Challenge Pwned! challenge

Global Rank: 156
Totalscore: 114769
Posts: 166
Thanks: 156
UpVotes: 110
Registered: 11y 209d
Z`s Avatar



Last Seen: 38d 3h
The User is Offline
Challenge: Credit Card Challenge Pwned! Help Board
Google/translate1Thank You!1Good Post!0Bad Post! link
This challenge is an offline challenge. This means you need a working
apache + mysql + php environment to solve this challenge. The checking
of the solutions is offline as well. I hate it, but can't do any
application which could check every solution properly. If anyone
has any idea for an online solution checker, let me know Smile

If you have no apache + mysql + php environment, I suggest to use xampp on
Windows and Linux, and mamp on Mac. After downloading them you can setup a
working environment in minutes. But solving the challenge needs some more
time. Start mysql, open a command window, cd xampp/mysql/bin, run mysql.exe
with mysql -u root (-p if you have set already password)


Copy pastable SQL commands (please see comments below):

GeSHi`ed SQL code
1
2
3
4
56
7
8
9
1011
CREATE USER 'www-user2'@'localhost' IDENTIFIED BY 'secure_password12'; 
CREATE DATABASE test;
USE test;
CREATE TABLE not_important_table (id INT, name VARCHAR(500));
INSERT INTO not_important_table VALUES(1,'test'); 
CREATE TABLE credit_card(id INT, cc_number BIGINT,cvv INTEGER);
INSERT INTO credit_card VALUES(1,1111222233334444,321);
INSERT INTO credit_card VALUES(2,1234567890123245,963);
commit;GRANT SELECT ON test.* TO 'www-user2'@'localhost';


---------------------------------------------------------------------------
-

Comments:
First you have to setup an admin password for mysql, then login to it with
> mysql -u root -p
after that create a user with:
> create user 'www-user2'@'localhost' identified by 'secure_password12';
and create a database with
> create database test;
change database:
> use test;
create table:
> create table not_important_table (id int, name varchar(500));
and insert a row into it :
> insert into not_important_table values(1,'test');

create the credit card table and insert some data
> create table credit_card(id int, cc_number biginteger,cvv integer);
> insert into credit_card values(1,1111222233334444,321);
> insert into credit_card values(2,1234567890123245,963);
> commit;
grant privileges:
> grant select on test.* to 'www-user2'@'localhost';


Start the apache web server and you can access the query.php via the
webserver like http://127.0.0.1/query.php
Now you can test on your own environment.
Good luck and don't forget to block every incoming connection to your whole
test environment, except localhost Smile

Update: mysql_connect was removed in PHP 7.0.0, please use older version of PHP or refactor the scripts to use mysqli_* functions.
Last edited by Z - May 27, 2018 - 13:17:05
Global Rank: 541
Totalscore: 42123
Posts: 18
Thanks: 11
UpVotes: 12
Registered: 7y 162d

Last Seen: 1y 4d
The User is Offline
RE: Challenge: Credit Card Challenge Pwned! Help Board
Google/translate1Thank You!0Good Post!1Bad Post! link
edit: Sorry was a bit overhasty there ;)
Last edited by SleepProgger - Apr 15, 2012 - 13:02:48
Global Rank: 299
Totalscore: 71277
Posts: 25
Thanks: 22
UpVotes: 17
Registered: 5y 350d



Last Seen: 234d 23h
The User is Offline
RE: Challenge: Credit Card Challenge Pwned! Help Board
Google/translate1Thank You!1Good Post!0Bad Post! link
I'm just starting to crack this problem, but it's not hints I want. I want to tell you my idea for testing solution in auto mode, no more manual checking. Well from time to time it's ok to have some manual maintenance Smile.

My idea consists in using a headless web browser to check the solution. The idea is that the headless web browser can access the link that you would access by hand, run the attacker's payload and then close. If the payload was good then the attacker obtains the values he wants in it's logger. One more thing. The machine where the headless browser will run inside the intranet so it can access:

GeSHi`ed Plaintext code
1
http://very-secure-intranet.local/query.php


Here you can find more info about a headless web browser written in Python (PySide/PyQt, WebKit)
GeSHi`ed Plaintext code
1
https://github.com/makinacorpus/spynner


Usage example:
GeSHi`ed Plaintext code
1
https://github.com/makinacorpus/spynner/blob/master/src/spynner/tests/spynner.rst


I never used Spynner, but I found it while I tryed to find info about Python and Webkit integration when I was considering writing a bare bone headless web browser by myself.

I hope it helps.
Redknee, ckclark, tunelko, silenttrack, qdxy, TheHiveMind, Z, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89 have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 27325 times.