Points: 100
Tags: picoCTF 2019, Web Exploitation
Author: BOBSON
Description:
The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at?
https://jupiter.challenges.picoctf.org/problem/13594/ or http://jupiter.challenges.picoctf.org:13594
Hints:
1. Hmm it doesn't seem to check anyone's password, except for Joe's?
Challenge link: https://play.picoctf.org/practice/challenge/46
The hint suggests that some authentication mechanism other than passwords is in use.
But let's browse to the web site and try to log in with username `Joe` and password `Joe` anyway.
The message displayed is `I'm sorry Joe's password is super secure. You're not getting in that way.` which again tells us that this is not a question about finding Joe's password.
Let's try to log in with username `admin` and password `admin` instead.
The message displayed now is `Success: You logged in! Not sure you'll be able to see the flag though`.
Let's check for authentication cookies.
Press F12 to open DevTools and go to the `Application` tab.
Under `Storage` and then `Cookies`, select the web site.
Note that there are three cookies:
- A cookie named `admin` with the value `False`
- A cookie named `username` with the value `admin`
- A cookie named `password` with the value `admin`
Edit the `admin` cookie's value and set it to `True`, and then reload the web page (press F5).
Now the web page displays the flag.
If you want to automate the retrieval of the flag, you can use `curl` like this:
┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2019/Web_Exploitation/Logon]
└─$ curl -s -L --cookie admin=True http://jupiter.challenges.picoctf.org:13594/flag | grep -oE 'picoCTF{.*}'
picoCTF{<REDACTED>}
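Why the cookie edit works, and what stops it, as an added example that is not part of the original writeup or the challenge's source code: the first check trusts the client-supplied `admin` cookie, the second only accepts a role claim that carries a server-side HMAC. The function names, the `session` cookie and `SERVER_KEY` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that stays on the server.
SERVER_KEY = secrets.token_bytes(32)

def is_admin_vulnerable(cookies):
    """The pattern the challenge exhibits: role read from a client-set cookie."""
    return cookies.get("admin") == "True"

def _tag(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def issue_session(username, admin, key=SERVER_KEY):
    """Return 'username|admin|tag', where tag is an HMAC over the two claims."""
    payload = f"{username}|{admin}"
    return f"{payload}|{_tag(payload, key)}"

def is_admin_hardened(cookies, key=SERVER_KEY):
    """Honour the admin claim only if the server's own tag verifies."""
    try:
        username, admin, tag = cookies.get("session", "").split("|")
    except ValueError:
        return False  # missing or malformed cookie fails closed
    expected = _tag(f"{username}|{admin}", key)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return ok and admin == "True"

def demo():
    # Constructed cookie jars mirroring the three cookies listed above.
    original = {"admin": "False", "username": "admin", "password": "admin"}
    edited = dict(original, admin="True")  # the same edit made in DevTools
    signed = {"session": issue_session("admin", False)}
    # Same edit on the signed value: the claim changes, the tag no longer matches.
    tampered = {"session": signed["session"].replace("|False|", "|True|")}
    return {
        "vulnerable_original": is_admin_vulnerable(original),
        "vulnerable_edited": is_admin_vulnerable(edited),
        "hardened_signed": is_admin_hardened(signed),
        "hardened_tampered": is_admin_hardened(tampered),
        "hardened_real_admin": is_admin_hardened({"session": issue_session("joe", True)}),
    }

if __name__ == "__main__":
    print(demo())
```

Keeping the role in a server-side session store keyed by a random session ID achieves the same result without putting any claim in the cookie at all.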
For additional information, please see the references below.