Rating: 4.5

# Writeup for the challenge **_`CowBoy World`_** from DownUnder CTF 2021
----

- ## Challenge Information:

| - | - |
| ----------- | ----------- |
| Name: | **`Cowboy World`** |
| Category: | **`Web`** |
| Points: | **`100pts`**|

## Description:
I heard this is the coolest site for cowboys and can you find a way in?

---

![Capture 1](https://user-images.githubusercontent.com/33517160/134733781-d93f214b-a3f5-41d6-928a-122782eb34ee.png)

First thing we get greeted with this normal login form nothing special about it,
before i start doing anything else i decided to check out the `/robots.txt` , i know im on the right track because of the hint provided by the dev [Hint Link]([https://www.youtube.com/watch?v=fn3KWM1kuAw](https://www.youtube.com/watch?v=fn3KWM1kuAw)).

- ### /robots.txt:
```
# pls no look

User-Agent: regular_cowboys
Disallow: /sad.eml
```

we see a `User-Agent` Header but thats just a rabbit hole to try and send requests as `regular_cowboys`, but we also see an email file named `sad.eml` and when we open it with a text editor or outlook we get:

- ### /sad.eml
```
Everyone says 'yeee hawwwww'

but never 'hawwwww yeee'

:'(

thats why a 'sadcowboy' is only allowed to go into our website
```

so now we have a possible username which is `sadcowboy`, to see if the login form has flaws in errors like telling us exactly if the password is wrong or the username, by entering the username `sadcowboy` and a random password i see that we get `Incorrect password` and when i try with another username i get `Incorrect username or password` so now i confirmed the username is correct, and the hint for the password was not clear but i believe it was the `:'(` also when trying `'` we get an `Internal Server Error` so now we know its a sql injection.

so i tried couple sqli login bypass payloads that contains single quotes using the burp repeater trying out payloads in the browser will give an `Internal Server Error` and the payload `'+or+'1'='1` worked with me.

![Pasted image 20210924221939](https://user-images.githubusercontent.com/33517160/134733847-6e8fa801-7aed-4472-9823-cfd38f675f91.png)

Flag: **`DUCTF{haww_yeeee_downunderctf?}`**

Original writeup (https://github.com/0xRar/Cowboy-World-DUCTF).