
hackburger.ee Enter password to get candy Write up

2017. 8. 23. 11:11

Written by ch4n3 [at] BoB 6th, team Demon & H3X0R 


Very fun wargame.. I like it~

You can solve it easily, if you know some PHP tricks.

I wrote some PHP code to understand the PHP trick that uses the comparison operator ( == ).


It compares 0 (int) with a string.
Guess: what will be printed on the screen?


A screen that we didn't expect appeared.
This is called "Type Juggling". To study it, go to https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf.


Then I guessed at some of the PHP code behind this challenge.


Try it.




So, if $arr['password'] is (int) 0, you can get the flag.
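
The loose check described above next to a type-safe one, as an added example that is not the challenge's source or the author's code. The secret value, the function names and the JSON-decoded request body are assumptions.

```php
<?php
// Added example, not the challenge's code. SECRET, the function names and
// the JSON input shape are assumptions made for illustration.
const SECRET = 'constructed-secret-value';   // constructed, non-numeric string

// Loose check: == juggles the operand types before comparing them.
function check_loose(array $arr): bool
{
    return isset($arr['password']) && $arr['password'] == SECRET;
}

// Hardened check: reject anything that is not a string, then compare
// the two strings byte for byte in constant time.
function check_strict(array $arr): bool
{
    $pw = $arr['password'] ?? null;
    return is_string($pw) && hash_equals(SECRET, $pw);
}

// Constructed request bodies. json_decode() keeps a JSON number as a PHP
// int, which is how a non-string value can reach the comparison.
$bodies = [
    '{"password": "wrong"}',
    '{"password": 0}',
    '{"password": "0"}',
    '{"password": "constructed-secret-value"}',
];

printf("PHP %s\n", PHP_VERSION);
foreach ($bodies as $body) {
    $arr = json_decode($body, true);
    printf(
        "%-45s type=%-7s loose=%-5s strict=%s\n",
        $body,
        gettype($arr['password']),
        var_export(check_loose($arr), true),
        var_export(check_strict($arr), true)
    );
}
```

On PHP 7 and earlier, the `{"password": 0}` row passes the loose check because the non-numeric secret is converted to the integer 0. PHP 8.0 changed that comparison, so the row fails there, while the strict check gives the same result on both.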


Enjoy it. Get the flag.


The flag is 
eae482e1c2d9147891174ecd38bb95a7ee2a9a70