Tags: php web 

In this challenge, accessing the root directory `/` of the challenge's website made the web server list all the files and directories present there (including a file named `database.db`, which was an SQLite database). \
As soon as I found this file, I analyzed its contents until I discovered the hashed password of the admin. This hash (in SHA-1) started with a very famous prefix known for its vulnerabilities in PHP, namely `0e`. \
In fact, the hashed password would be interpreted by PHP as a number, specifically `0`. The only way I had to bypass the login was to find a SHA-1 hash that also started with `0e`. \
This is one useful repository with a lot of these hashes: [Repository](https://github.com/spaze/hashes/tree/master)
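
The comparison behaviour described above, next to a hardened check, as an added example that is not part of the original writeup or the challenge's source. The challenge's login code is not shown here, so the loose `==` comparison is an assumption, the function names are hypothetical, and the digests are constructed strings rather than real SHA-1 outputs.

```php
<?php
// Constructed 40-character strings shaped like SHA-1 hex digests.
// They are sample values, not real hashes of any password.
$stored   = '0e' . str_repeat('1', 38); // admin row: "0e" followed only by digits
$other    = '0e' . str_repeat('7', 38); // digest of some different input
$nonMagic = '0e' . str_repeat('a', 38); // starts with "0e" but contains hex letters

// Vulnerable check (assumed shape of the login comparison): == compares two
// numeric strings as numbers, and 0e<digits> is scientific notation for 0.
function check_loose(string $stored, string $candidate): bool
{
    return $stored == $candidate;
}

// Hardened check: hash_equals() compares the strings byte by byte
// in constant time, with no numeric conversion.
function check_strict(string $stored, string $candidate): bool
{
    return hash_equals($stored, $candidate);
}

// Audit helper (hypothetical name): true when a stored digest is a numeric
// string of the 0e<digits> form and so exposed to loose comparison.
function is_magic_hash(string $digest): bool
{
    return preg_match('/^0+e[0-9]+$/i', $digest) === 1;
}

$rows = [
    'loose, different digests'  => check_loose($stored, $other),
    'strict, different digests' => check_strict($stored, $other),
    'strict, same digest'       => check_strict($stored, $stored),
    'loose, non-numeric digest' => check_loose($nonMagic, $other),
    'stored digest is magic'    => is_magic_hash($stored),
    'non-numeric is magic'      => is_magic_hash($nonMagic),
];
foreach ($rows as $label => $result) {
    printf("%-28s %s\n", $label, var_export($result, true));
}
```

Only digests made of `0e` followed exclusively by decimal digits collide under `==`; a digest that merely starts with `0e` but contains hex letters is compared as a plain string.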

Original writeup (https://github.com/AlBovo/CTF-Writeups/tree/main/nullcon%20CTF%202023).