Web 100 – Guess Harder
Probably one of the simplest challenges of the
competition. When you navigate to the
website you are given a password form and a statement saying “You will never
guess my password!”
Immediately we turned on Tamper Data in Firefox to look at
what was being passed by the form. The
only thing that was strikingly obvious was in the cookie being sent was a
variable called ‘admin’ that was set to ‘false’. We set it to ‘true’ and sent it on its
way.
And upon return, we got key{told_ya_you_wouldnt_guess_it}.
#winning
- shdwstrk
#winning
- shdwstrk
No comments:
Post a Comment