WhiteHat Grand Prix 2016 - Web100 - Bánh Bột Lọc | Ph03nix Team

Ph03nix Team

H4ck f0r fun

Home About Us
WhiteHat Grand Prix 2016 - Web100 - Bánh Bột Lọc
BlackWings

Challenge:

http://web05.grandprix.whitehatvn.com

Step 1: View source index.php.bak

	$key="1337";
	if ($username.$key == md5($password)){
		echo $secret;
	} 

Step 2: We must Brute-force password, I write a python script to solve that problem
BruteForce.py

Step 3: Submit flag
http://web05.grandprix.whitehatvn.com/index.php?username=3acc36691f4866c6654ce9f8bdfc&password=BVCA

FLAG: WhiteHat{92ab818618fee438a1ea3944b5940237975f2b1d}