- Why write a writeup for a challenge that ended a long time ago: because I was doing the challenge on a certain CTF training platform
First, open the link; it is an industrial control management system:
Click through all the buttons on the left side; only the report center can be accessed:
Selecting a time produces no response, and the lower left corner notes that this is a free-points challenge. Seeing that the link contains id=1, I thought of trying to enumerate the id.
Capture the request with Burp, send it to Intruder, and set the Payload type to Numbers:
Go from 1 to 5000 with a step of 1, and set the threads to 999. If the thread count is set too low, the run bogs down partway through:
Then start the run; once it finishes, you can see that id 2333 is the one that stands out:
Set id=2333 directly and get the flag:
There is also another way, using a small tool called Search and Replace. After capturing the traffic, save the data returned by the server:
Then open the file with the tool, set the file filter to *.*, and search for the flag:
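Seen from the server side, the id sweep described above leaves a distinctive trace in the access log: one client requesting a contiguous run of numeric ids, with a single response that differs in size. The following detector is an added example, not part of the original writeup; the `/report` path, the IP addresses, the response sizes and the thresholds are constructed assumptions.

```python
import random
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" \d{3} (\d+)')

def sample_log():
    """Constructed access log: one client sweeps id=1..5000, another browses normally."""
    lines = []
    for i in range(1, 5001):
        size = 1260 if i == 2333 else 1200   # one id returns a different page
        lines.append(f'10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /report?id={i} HTTP/1.1" 200 {size}')
    for i in (1, 1, 7):
        lines.append(f'10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /report?id={i} HTTP/1.1" 200 1200')
    random.Random(0).shuffle(lines)          # many threads => requests land out of order
    return lines

def find_id_sweeps(lines, min_distinct=50, min_sequential=0.8):
    """Flag (client, path) pairs that walked a mostly contiguous range of numeric ids."""
    hits = defaultdict(list)                 # (ip, path) -> [(id, response size)]
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.group(1), urlsplit(m.group(2))
        ids = parse_qs(target.query).get("id", [])
        if ids and ids[0].isdigit():
            hits[(ip, target.path)].append((int(ids[0]), int(m.group(3))))
    findings = []
    for (ip, path), seen in hits.items():
        ids = sorted({i for i, _ in seen})   # sort: arrival order is unreliable
        if len(ids) < min_distinct:
            continue
        adjacent = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
        if adjacent / (len(ids) - 1) < min_sequential:
            continue
        common = Counter(s for _, s in seen).most_common(1)[0][0]
        outliers = sorted({i for i, s in seen if s != common})
        findings.append({"ip": ip, "path": path, "distinct_ids": len(ids),
                         "range": (ids[0], ids[-1]), "outlier_ids": outliers})
    return findings

if __name__ == "__main__":
    for f in find_id_sweeps(sample_log()):
        print(f)
```

The outlier list is the part worth reviewing first: it names the ids whose responses differed from the rest, which is where an object reachable only by guessing its id would show up.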