LoveTok – Web challenge HackTheBox | Walkthrough

Introduction

Hi I’m Ajith ,We are going to complete the LoveTok – Web challenge in the hack the box, It’s very easy challenge.

Connecting to the LoveTok

We must first connect the VPN to the hack box and start the instance to get the IP address and copy the paste IP address into the browser. It will show the LoveTok interface page and download the file in HackTheBox.

This is the user interface of the web page.

Analyzing the File

During analyze the file, we found the “php” file of TimeController.php.

$format = isset($_GET['format'])? $_GET['format'] : 'r' ;
$time = new TimeModel($format);

In this code, Passing the value in the parameter of ‘format’.

Analyzing TimeModel

The another php file found in this LoveTok, that is ‘TimeModel.php’.In this code, the ‘format’ value will be passed in this function __construct, the values are executed in the eval() function .

Injection code

We passed the injection code in the url of website, It was changing the “Date and Timein the website. This type of payload is commonly refered to as a command injection payload as it take advantage of a command injection vulnerability in a web application .

http://178.62.11.21:30505/?format=r

Listing files Injection

We using the payload to listing the all files in the webpage. Creating the parameter of ‘1’ and assigned the value of ‘ls’. Inject the code in the website it will show all files in the webpage. We want to add forward slash for executing the remote code value, See this code.

$this --> format = addslashes($format);
http://178.62.11.21:30505/?format=$_{system($_GET[1])}&1=ls+/
We found the file of flagBs3s ????

Finding Flag

Already “ls” value is passed the injection code. Now we assign “1=cat” command injection to see the flag in the flagBs3s file

We found the flag ????

Conclusion

A pretty easy challenge, Just a file Injection and we have found the flag. Out of 10, I would rate 3 out of 10