CTF#2 Level 10

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex10.php

Description: This time you just want to cheat, not to really damage anything. You have two tasks: change your wins to be more or equal to 9999 and complete the game on the extreme difficulty (there must be a way around remembering all colors in just a blink of the eye).

Vulnerability: Source Code Tampering

Solution:

This time we will play with the web source code using firebug, after input my Nickname, I choose the game level to extreme and click start game, this game is memory box, you have 3 second remember to color of the box, then after that you have to guess the color of the box. Now right click on one of the box and choose Inspect Element With Firebug.

firebug2
As you can see from screenshot above the sequence are start from color-6, color-5, 3, 0, 9, 2, 3, 7, and last color-6. Below is the screenshot of the color with sequence ex: red is 0, 3 is black, and so on, just match the sequence with index screenshot below.

color-squence

After finish guess the box, go to DOM tab in firebug, scroll down and look for localStorage then right click to edit the property.

dom1

Change the “wins\”: property to 9999

dom2

Back to game and Started, guess again with the sequence color box, after finish it will pass level 10.

level10

Resources and Tool
1. Firebug Firefox Add-on – https://addons.mozilla.org/en-us/firefox/addon/firebug/

0 comments