What is it? @.@

This is where I record tactics for wargames, systems, and other security issues.

2012-09-11

Hack This Site! - Basic 10

Description:

This time Sam used a more temporary and "hidden" approach to authenticating users, but he didn't think about whether or not those users knew their way around javascript...

Level 10

Enter password
Please enter a password to gain access to level 10

Password:
 ___________________
|___________________|
submit

Solution:
  1. If you type something into the field and submit it, you get the message below.
    You are not authorized to view this page
  2. Let's find where the authorization happens. Since the page source is a dead end, check the request headers or cookies (use Chrome Developer Tools or a Firefox add-on).
    You will find the information below.
    Cookie:level10_authorized=no;...
    Now we know that Sam is using a cookie-based authentication method.
  3. We need to change the value of the cookie named "level10_authorized" to "yes" to pass the challenge.
  4. There are two ways to reach our goal. First, type anything in the field, then do one of the following:

    1. Use an application to intercept the request (e.g., Burp Suite).
      Change the value of level10_authorized from "no" to "yes".
    2. Use JavaScript. Type the JavaScript code below into the Chrome JavaScript console.
      javascript:function pwn(){document.cookie="level10_authorized=yes";}pwn();

  5. Send the request.
  6. Congratulations, you have successfully completed basic 10!
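
Why this works, and how a server should handle it: the level trusts a value the browser controls. The Node.js sketch below is an added example, not code from Hack This Site or from the original post; it puts an assumed version of the weak check next to a hardened one that only accepts a cookie carrying a server-side HMAC bound to the session. The function names, the "value.tag" cookie layout, the session ids and the secret are all assumptions made for the illustration.

```javascript
const crypto = require("crypto");

// Constructed demo secret; a real server loads this from server-side config.
const SECRET = crypto.randomBytes(32);

// Parse a Cookie request header into a { name: value } object.
function parseCookies(header) {
  const out = {};
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// Weak (assumed shape of the level's check): believes whatever the client sends.
function weakIsAuthorized(cookieHeader) {
  return parseCookies(cookieHeader).level10_authorized === "yes";
}

// HMAC over session id and value, so a tag cannot be reused in another session.
function mac(value, sessionId) {
  return crypto.createHmac("sha256", SECRET).update(`${sessionId}|${value}`).digest();
}

// Hardened: the server issues "value.tag"; the client cannot compute the tag.
function issueCookie(value, sessionId) {
  return `level10_authorized=${value}.${mac(value, sessionId).toString("hex")}`;
}

function strongIsAuthorized(cookieHeader, sessionId) {
  const raw = parseCookies(cookieHeader).level10_authorized || "";
  const dot = raw.lastIndexOf(".");
  if (dot < 0) return false; // bare "yes" with no tag is rejected
  const value = raw.slice(0, dot);
  const tag = Buffer.from(raw.slice(dot + 1), "hex");
  const expected = mac(value, sessionId);
  // Length check first: timingSafeEqual throws on unequal lengths.
  return tag.length === expected.length &&
         crypto.timingSafeEqual(tag, expected) &&
         value === "yes";
}
```

Keeping the authorization flag in server-side session state, with only an opaque session id in the cookie, avoids exposing the value to the client at all.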