Tags: web_exploitation 

Solution:
1. Boot Logs Analysis:

The boot logs show an error related to insufficient RAM, so the system needs to be upgraded to 8GB.
Start by visiting /robots.txt for hints.

2. Finding Login Credentials:

In /e8e53a51ba308caf79e4628357787f65, you will find login credentials in the console logs:
```
username: system0
password: 5yc0re
```

When logging in, an error states that “system0” is unauthorized to access the page and only “samarth” can. We need to find a way to log in as “samarth.”

3. Exploiting the JWT Token:

The site stores a JWT (JSON Web Token) in its cookies. The username inside the token is system0.
We can use JWT brute-force tools with the rockyou wordlist to crack the token's key. The key is `winniethepooh`.

4. Modifying the JWT Token:

Change the username in the token payload from system0 to samarth, sign the token with the key, and replace the token in the browser.

5. RAM Upgrade:

After logging in, you will see that the system already has 4GB of RAM, so you need to add 4GB more (i.e., 8 units of 512MB RAM).

6. Price Modification:

The price for purchasing 8 units of RAM exceeds the available wallet balance of $5.
Modify the price field and the corresponding hashes to trick the system.
Use the ROT47 cipher to adjust the price and hash fields: decrypt them, re-encrypt using a lower price value (e.g., $1), and modify the hash2 field accordingly.

7. Submit Purchase:

Submit the modified POST request to the /buy endpoint with the new price and hashes.
`Flag: VishwaCTF{s3r_y0u_d353rv3_t0_w1n}`
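
Why the price change in step 6 is accepted, and what would reject it, as an added example that is not the challenge's own code: ROT47 has no key, so any client can re-encode a new value, while an HMAC tag needs a secret that stays on the server. `SERVER_KEY`, the item name, the prices and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def rot47(text: str) -> str:
    """Rotate printable ASCII (codes 33..126) by 47; applying it twice is the identity."""
    return "".join(
        chr(33 + (ord(c) - 33 + 47) % 94) if 33 <= ord(c) <= 126 else c
        for c in text
    )

def weak_check(price: str, check: str) -> bool:
    """Weak design: the integrity field is only the ROT47 encoding of the price."""
    return rot47(check) == price

# Hypothetical server-side key; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def issue_tag(qty: int, price_cents: int, item: str, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 over quantity, price and item; integers first keeps the encoding unambiguous."""
    msg = f"{qty}|{price_cents}|{item}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def strong_check(qty: int, price_cents: int, item: str, tag: str,
                 key: bytes = SERVER_KEY) -> bool:
    """Recompute the tag server-side and compare in constant time."""
    return hmac.compare_digest(issue_tag(qty, price_cents, item, key), tag)

def demo() -> dict:
    # Constructed order: 8 units of a hypothetical item at a constructed price.
    qty, item, real_price, low_price = 8, "ram-512mb", 4000, 100
    tag = issue_tag(qty, real_price, item)
    return {
        # The client needs no secret to produce a matching check for any price.
        "rot47_accepts_changed_price": weak_check(str(low_price), rot47(str(low_price))),
        # The tag issued for the real price does not cover a changed price.
        "hmac_accepts_changed_price": strong_check(qty, low_price, item, tag),
        "hmac_accepts_issued_price": strong_check(qty, real_price, item, tag),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

A tag only protects fields the server chose to trust from the client; the simpler fix is for the /buy handler to look the price up server-side and ignore any price in the request.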

Original writeup (https://github.com/CyberCell-Viit/VishwaCTF-24-Writeups/blob/main/VishwaCTF'24/Web/They%20are%20coming.pdf).