27th November 2021
Write-up Advent of CTF challenge 2


Overview

The NOVI University of Applied Sciences is offering an Advent CTF challenge for December 2020. The CTF is created by Arjen Wiersma, a member of the Hackdewereld.nl community and Chief Lecturer for Cyber Security at the NOVI University. If you want to participate in these CTF challenges, you can create an account on the website https://www.adventofctf.com/.

Challenge 2

  • Description: For the 2nd challenge you will need to bypass the login mechanism.
  • 200 Points

I visited the URL https://02.adventofctf.com and landed on a webpage with a login portal. Below the login portal, the sentence “Do not try too hard” is visible.


I tried a SQL injection and some default username and password, and after clicking on Submit, I got redirected to the next page, and it seems that I’m logged in as Guest.

Logged in as Guest

This user does not have the privileges to show the flag. I need to escalate the privileges to admin. I think I do not have to go so far, so let’s check the stored cookie in my internet browser, through the Developer Tools.

Stored cookie

This is my cookie:

authenticated:"eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D"

This cookie is Base64-encoded (the trailing %3D is a URL-encoded = padding character). After decoding this cookie, I can reveal the data in it. I used CyberChef to decode this cookie, and this is the value of the cookie:

Cookie value with guest equals true and admin equals false

This cookie says that the value of guest equals true and the value of admin equals false. I need to change this cookie so that the guest value equals false and the admin value equals true. Then I encode this cookie back to Base64 and modify the cookie in my internet browser to the new value. This is my new cookie value.

Cookie value with guest equals false and admin equals true

I updated the current cookie in my browser to the new value and refreshed the page. The flag is now visible! Flag: NOVI{cookies_are_bad_for_auth}.

Advent of CTF 2 the flag
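The root cause is that the server trusts role claims held in a cookie that is only encoded, not authenticated. The sketch below is an added example, not code from the challenge or its author: it decodes the cookie quoted above and contrasts it with a hypothetical HMAC-signed format in which a changed payload fails verification. The key, the `payload.tag` layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote, unquote

# Cookie value quoted in the write-up: URL-encoded Base64 of a JSON object.
PAGE_COOKIE = "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D"
# Constructed demo key (assumption); a real service loads a random secret.
SECRET_KEY = b"constructed-demo-key"


def decode_unsigned(cookie: str) -> dict:
    """Decode the challenge-style cookie: URL-decode, Base64-decode, parse JSON."""
    return json.loads(base64.b64decode(unquote(cookie)))


def _tag(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_signed(claims: dict, key: bytes = SECRET_KEY) -> str:
    """Hypothetical hardened format: base64(JSON) + '.' + HMAC-SHA256 tag."""
    raw = json.dumps(claims, sort_keys=True).encode()
    payload = base64.urlsafe_b64encode(raw).decode()
    return quote(f"{payload}.{_tag(payload, key)}")


def verify_signed(cookie: str, key: bytes = SECRET_KEY):
    """Return the claims only if the tag matches; otherwise None."""
    payload, sep, tag = unquote(cookie).rpartition(".")
    if not sep:
        return None  # no tag present, e.g. the unsigned cookie from the page
    # Constant-time comparison on bytes avoids leaking how much of the tag matched.
    if not hmac.compare_digest(_tag(payload, key).encode(), tag.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def demo():
    claims = decode_unsigned(PAGE_COOKIE)
    good = issue_signed(claims)
    # Changed claims produced without the server key, as a client-side edit would be.
    edited = issue_signed({"guest": "false", "admin": "true"}, key=b"not-the-server-key")
    return claims, verify_signed(good), verify_signed(edited), verify_signed(PAGE_COOKIE)


if __name__ == "__main__":
    print(demo())
```

Signing only makes the cookie tamper-evident; keeping the role in a server-side session looked up by a random identifier avoids trusting client-held claims at all.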

Thanks for reading!

T13nn3s

I'm a cybersecurity enthusiast! I'm working as an IT Security Engineer for a company in The Netherlands. I love writing scripts and doing research and pentesting. As a big fan of Hack The Box, I share my write-ups on this blog. I'm blogging because I like to summarize my thoughts and share them with you.
