http://ad.samsclass.info/COBOL/login1.php
A login page appears, as shown below.
Try logging in with a username of foo and a password of bar.
The credentials are rejected, as shown below.
In your Web browser, log in with a username of dumbo and a password of dumbo.
The credentials are accepted, but you don't get a flag, as shown below.
Flag CBL 2.1: Dumbo's Flag (10 pts)
Create a COBOL program to send a GET request for Dumbo's login with a User-Agent of COBOL, as shown below.
The flag is covered by a green rectangle in the image below.
Flag CBL 2.2: Mickey's Flag (10 pts)
The user named mickey has a password that is a single digit, from 0 through 9.
Create a COBOL program to send ten GET requests to brute-force mickey's login, as shown below.
The flag is covered by a green rectangle in the images below.
Hint: to change part of a string, see this MOVE explanation.
...
...
Flag CBL 2.3: Pluto's Flag (10 pts)
The user named pluto has a password that is a single letter, from A through Z.
Create a COBOL program to send GET requests to brute-force pluto's login, as shown below.
The flag is covered by a green rectangle in the images below.
...
...
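IDENTIFICATION DIVISION.
PROGRAM-ID. ECHO.
DATA DIVISION.
WORKING-STORAGE SECTION.
*> 20-character alphabetic field that holds the line read from input
01 NAME PIC A(20).
PROCEDURE DIVISION.
A-PARA.
    DISPLAY 'ENTER YOUR NAME: '.
*> ACCEPT reads one line of input into NAME
    ACCEPT NAME.
    DISPLAY "Hello, " NAME.
    STOP RUN.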
Execute these commands to compile the code and run it:
cobc -free -x -o echo echo.cbl
./echo
Enter a name when you are prompted to.
The program repeats your name back, as shown below.
IDENTIFICATION DIVISION.
PROGRAM-ID. WALDO.
PROCEDURE DIVISION.
A-PARA.
    DISPLAY 'Waldo'.
    STOP RUN.
Compile the code and run it.
It prints Waldo, as shown below.
./waldo | ./echo
The output is "Hello, Waldo", as shown below.
http://ad.samsclass.info/COBOL/marco.php
A challenge page appears, as shown below.
Enter a response of POLO, as shown above.
The response is accepted, but you don't get a flag, as shown below.
Flag CBL 2.4: Marco's Flag (10 pts)
Create a COBOL program to send the response to the marco.php form with a User-Agent of COBOL.
The flag is covered by a green rectangle in the image below.
http://ad.samsclass.info/COBOL/chal1.php
A challenge page appears, with a random challenge string, as shown below.
Enter the challenge string into the "You say" field, as shown above, and submit it.
The response is accepted, but you don't get a flag, as shown below.
Flag CBL 2.5: 30-Second Challenge (10 pts)
Create a COBOL program to send the correct response with a User-Agent of COBOL.
The flag is covered by a green rectangle in the image below.
Posted 4-7-2020 by Sam Bowne
Minor updates 6-24-22