WeChall - AUTH me

Challenge

SSL/TLS client certificate authentication challenge. The apache.conf shows authme.wechall.net requires client certificate verification.

You need to use a client certificate to access the challenge page on authme.wechall.net.

Solution

The key clue is in the find_me/ directory of the challenge page, which holds the client certificate files:

$ curl -sL -b 'WC=...' 'https://www.wechall.net/en/challenge/space/auth_me/find_me/client.crt'
$ curl -sL -b 'WC=...' 'https://www.wechall.net/en/challenge/space/auth_me/find_me/client.key'
$ curl -sL -b 'WC=...' 'https://www.wechall.net/en/challenge/space/auth_me/find_me/client.p12'

The Apache configuration file find_me/apache.conf shows that the server requires client certificate verification:

GnuTLSClientVerify require

Use the downloaded client certificate to access the target page:

$ curl -sk -b 'WC=...' \
--cert client.crt --key client.key \
'https://authme.wechall.net/challenge/space/auth_me/www/index.php'

Response: Your answer is correct. Congratulations you have solved this challenge.

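Key point: you must send both the WC cookie and the client certificate, so that the server can register the solve to your account. The -k option skips verification of the server's self-signed certificate.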
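The challenge is solvable because the client private key and PKCS#12 bundle sit in the web-accessible find_me/ directory next to the certificate. As an added example (not part of the original write-up), this POSIX shell function audits a document root for that kind of file; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag private-key material under a web document root.
# Certificates (client.crt) are public and are not flagged; private keys
# and PKCS#12 bundles are what let a visitor pass client-cert verification.

# find_exposed_keys DIR
# Prints one line per finding: "<reason><TAB><path>"
find_exposed_keys() {
    # PKCS#12 bundles are binary, so flag them by file extension.
    find "$1" -type f \( -iname '*.p12' -o -iname '*.pfx' \) -print |
        while IFS= read -r f; do printf 'pkcs12-bundle\t%s\n' "$f"; done
    # PEM private keys are flagged by header, whatever the file is called.
    # Matches PRIVATE KEY, RSA/EC/ENCRYPTED/OPENSSH PRIVATE KEY.
    grep -rlE -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1" 2>/dev/null |
        while IFS= read -r f; do printf 'pem-private-key\t%s\n' "$f"; done
}

# build_sample_tree
# Creates a constructed tree mirroring the challenge's find_me/ layout and
# prints its path. File bodies are placeholders, not real key material.
build_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/find_me" "$d/www"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$d/find_me/client.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
        '-----END PRIVATE KEY-----' > "$d/find_me/client.key"
    printf 'placeholder' > "$d/find_me/client.p12"
    printf 'GnuTLSClientVerify require\n' > "$d/find_me/apache.conf"
    printf '<?php echo "ok";\n' > "$d/www/index.php"
    echo "$d"
}

# Usage: sh audit.sh /path/to/docroot
if [ "$#" -gt 0 ]; then
    find_exposed_keys "$1"
fi
```

On the constructed tree it reports find_me/client.key and find_me/client.p12 and leaves client.crt alone.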