Tuesday, 9 February 2016

Write Up: PRIMER 1.0.1 (chp. 4 + 5)

PRIMER is a vulnerable VM developed by Arne Rick featured on Vulnhub. It can be found hereIf you intend to complete this VM yourself then this write up will spoil it for you. So I say in bold and caps - SPOILERS!

CHAPTER 4: [:()[:|:&};:]

In chapter 4 I was met by a continuation of the story, and a link to Chapter 5 (the start of Part 2). EOF.

PART 2/CHAPTER 5: [0xC00007B]

Following the link landed me on a page with a javascript window prompt. No continuation of the story here!

So I opened up the browser debugger to inspect the javascript. In doing so I actually saw the hidden HTML on the page which revealed the URL for chapter 6. I ignored it and decided to complete this little JS challenge anyway.

As can be seen from the JS, 

var X is a  user inserted string, var L is some arbitrary string. 
The if conditions are true if the string is null or if a substring (X.substr) of var X is equal to 
var L

Considering the 1st if condition (from testing) is not the desired result, it is the 2nd if condition that needs satisfying.

The parameters of X.substr show that the substring is made using the chars from the second char through to, and ending on seven chars along from the second char of the user inputed string var X.
This means that the var X must contain var L "Ikdf076" prepended with two other arbitrary chars. Such as "00Ikdf076". 

The string was submitted and the second if condition was satisfied. The window prompt was then removed and revealed the underlying HTML.

Another URL to chapter 6.. Until the next post.