Thursday, January 1, 2015
31c3ctf - Crypto - sso
Here's what each file returns initially.
admin.php and info.php need a token, and register.php needs a user. I presume we can register a user by passing register.php a user variable, and hope it takes get variables.
This seems to be the case, so we add a password as well.
We now have a token for the other pages.
Note: Passing credentials via the GET method such as this is a security design flaw as information can be bookmarked in the user's browser, or stored in cache of the brower or third-party proxy. Even in this screenshot you can see my high-entropy password. This flaw wont be of use to us for the challenge, but take note of it when coding your own authentication page.