swiss hacking challenge 2024 - serverless-login

Posted on May 1, 2024

Difficulty: baby

Category: web

Author: Pyth0n33

Imagine you’re throwing a party. You could buy all the food, drinks, and decorations, prepare everything yourself, and then clean up afterwards. That’s like running your own servers. You have total control, but it’s a lot of work and expense. Now, imagine instead you decide to hold your party at a restaurant. They handle the food, drinks, and clean-up. You just pay for what you consume. That’s like serverless computing. You don’t worry about the infrastructure; you just focus on having a great party (or in this case, building a great app). However, there seems to have been a misunderstanding about the term serverless…

Remote

We are provided with a hosted web server and no source code.

Exploitation

Looking at the browser's network requests, we see the page fetching a file called database.db.

We can download this file and look at it using the sqlite3 CLI:

# sqlite3 database.db
sqlite> .tables
Login
sqlite> select * from Login;
admin|11a4a60b518bf24989d481468076e5d5982884626aed9faeb35b8576fcd223e1

The value stored next to the username is only a hash, not the password itself.

Looking it up on CrackStation returns python.

Logging in with admin:python reveals the flag:
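The whole chain above comes down to two mistakes: the credential database was shipped to the browser as a static asset, and the password in it was stored as a bare, unsalted hash (the 64 hex characters match a SHA-256 digest, which is why a lookup table like CrackStation's recovers it instantly). The following is an added example, not code from the write-up or from the challenge; it builds its own constructed in-memory SQLite database shaped like the challenge's `Login` table, shows the audit check a defender would run over such a table, and contrasts it with salted PBKDF2 storage. The wordlist, table layout and password are constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Constructed sample database shaped like the challenge's: one "Login" table
# holding a username and an unsalted hex digest. The digest is computed here
# from a constructed password, not copied from the write-up.
def build_sample_db(password: str = "python") -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Login (username TEXT, password TEXT)")
    digest = hashlib.sha256(password.encode()).hexdigest()
    conn.execute("INSERT INTO Login VALUES (?, ?)", ("admin", digest))
    conn.commit()
    return conn


def dump_logins(conn: sqlite3.Connection) -> list:
    """Equivalent of `select * from Login;` in the sqlite3 CLI."""
    return conn.execute("SELECT username, password FROM Login").fetchall()


# An unsalted hex digest gives away its algorithm by length alone.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def guess_algorithm(stored: str) -> Optional[str]:
    try:
        bytes.fromhex(stored)
    except ValueError:
        return None
    return HEX_LEN_TO_ALGO.get(len(stored))


# Audit check: a stored credential equal to the plain digest of a common
# password is as good as plaintext once the file leaks, because precomputed
# tables (CrackStation is one) hold exactly these digests. Wordlist is constructed.
COMMON_PASSWORDS = ["123456", "password", "admin", "letmein", "python"]


def audit_weak_hash(stored: str, wordlist=COMMON_PASSWORDS) -> Optional[str]:
    """Return the common password whose bare digest equals `stored`, else None."""
    algo = guess_algorithm(stored)
    if algo is None:
        return None
    for candidate in wordlist:
        digest = hashlib.new(algo, candidate.encode()).hexdigest()
        if hmac.compare_digest(digest, stored):
            return candidate
    return None


# Hardened storage: a random per-user salt plus a slow KDF, with the parameters
# stored alongside so they can be raised later. No precomputed table applies,
# and every guess against a leaked row costs PBKDF2_ITERATIONS hash calls.
PBKDF2_ITERATIONS = 600_000  # OWASP's current guidance for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    conn = build_sample_db()
    for user, stored in dump_logins(conn):
        print(user, stored)
        print("  algorithm:", guess_algorithm(stored), " weak match:", audit_weak_hash(stored))
    record = hash_password("python")
    print("hardened record:", record)
    print("verify python:", verify_password("python", record))
```

Note that the salted record is not covered by `audit_weak_hash` at all: the salt makes every user's digest unique, so no table built in advance can contain it. Storage format fixes nothing on its own, though; the primary defect in the challenge is that the database reached the client in the first place, and a pre-deployment check that no `.db` file sits in the static asset directory would have caught it before any hash question arose.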

Flag

shc2024{wh0_N33d5_4_53RV3r_4nYw4Y2?}

Conclusion

First challenge I’ve solved this qualifier! Took me a whole 2 minutes to solve ^^