Monday, September 23, 2013

CSAW CTF 2013 :: Web: Guess harder (100 Points)

For this challenge, we were given an IP address to head to: http://128.238.66.215

Upon navigating to the given IP address, the page shown below was displayed. It suggests that we need to provide the correct password before we can proceed.



Viewing the source of the HTML page yielded nothing; it was just a simple HTML page. We decided to use one of our favourite Firefox extensions, Tamper Data, to monitor the information flow. Tamper Data allows us to view and modify HTTP/HTTPS headers and POST parameters.

Using Tamper Data, we saw that an interesting cookie was being transmitted.
We changed the cookie from "admin=false" to "admin=true".
Forwarding the amended headers and POST parameters to the server yielded the key!
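
The root cause here is a server that takes an authorization decision from a cookie the client fully controls. As an added example (not code from the challenge server or from this post; the `admin_sig` cookie name, the key handling and the function names are assumptions), this Python code contrasts that check with one that accepts the role only when it carries a valid server-side HMAC:

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed per-process key; a real deployment loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)


def _tag(value: str) -> bytes:
    """HMAC-SHA256 over the role assertion, hex-encoded as bytes."""
    msg = f"admin={value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def is_admin_vulnerable(cookie_header: str) -> bool:
    """Flawed pattern: authorization read straight from a client-supplied value."""
    cookie = SimpleCookie(cookie_header)
    return "admin" in cookie and cookie["admin"].value == "true"


def issue_cookie(is_admin: bool) -> str:
    """Server side: emit the role together with a tag only the server can compute."""
    value = "true" if is_admin else "false"
    return f"admin={value}; admin_sig={_tag(value).decode()}"


def is_admin_hardened(cookie_header: str) -> bool:
    """Accept the role only if its tag verifies; fail closed on anything else."""
    cookie = SimpleCookie(cookie_header)
    if "admin" not in cookie or "admin_sig" not in cookie:
        return False
    value = cookie["admin"].value
    presented = cookie["admin_sig"].value.encode()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(_tag(value), presented):
        return False
    return value == "true"


if __name__ == "__main__":
    issued = issue_cookie(False)                      # what a normal user receives
    edited = issued.replace("admin=false", "admin=true")  # the edit described above
    print("vulnerable check accepts edited cookie:", is_admin_vulnerable(edited))
    print("hardened check accepts edited cookie: ", is_admin_hardened(edited))
```

A signed role value can still be replayed by anyone who obtains a legitimately issued admin cookie, so binding the tag to a session identifier and expiry, or keeping the role in server-side session state, is the stronger design.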

