Very secure website
by shreyas-sriram
Some students have built their most secure website ever. Can you spot their mistake?
http://dctf1-chall-very-secure-site.westeurope.azurecontainer.io/
Solution
- The website contains the source code
- From the source code, it can be seen that the right combination of username and password will give the flag
- The hashing algorithm used is
tiger128,4, which seems to be weak - Crack the username hash
51c3f5f5d8a8830bc5d8b7ebcb5717df(use this website) to getadmin, however the password cannot be reversed - Some research on using
equal-equalandtiger128,4leads to PHP magic hashes - Using
LnFwjYqBas the password reveals the flag
Flag
dctf{It's_magic._I_ain't_gotta_explain_shit.}