From 5237f8416881fff5aa822697dbc1f402e81e5e89 Mon Sep 17 00:00:00 2001 From: Xavier Romano <54741558+DarkDenims@users.noreply.github.com> Date: Mon, 13 Nov 2023 02:44:27 +0800 Subject: [PATCH] Logon - New Writeup --- Web Exploitation/Logon/README.md | 39 ++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 Web Exploitation/Logon/README.md diff --git a/Web Exploitation/Logon/README.md b/Web Exploitation/Logon/README.md new file mode 100644 index 0000000..317dc2f --- /dev/null +++ b/Web Exploitation/Logon/README.md 
@@ -0,0 +1,39 @@ +# Factory Login Form Exploitation Instructions +### This is under the assumption that you also used the hint same as i did. + +In the login form, it appears that only Joe's password is being checked, and any login attempt would let us into the site. I will use the credentials: +- Username: admin +- Password: admin + +After logging in, we are redirected to a flag page. Despite the notice stating that there is no flag directly on the page, we must assume that there is a flag here. Our goal is to trigger something to reveal the flag on the page itself. + +Here's a step-by-step guide: + +1. **Login:** + - Username: admin + - Password: admin (or any other credentials of your choice) + +2. **Flag Page:** + - Once logged in, navigate to the flag page. + +3. **DevTools Inspection:** + - Open the browser's developer tools (usually by right-clicking on the page and selecting "Inspect" or pressing `Ctrl + Shift + I`). + - Go to the "Application" tab. + +4. **Inspect Cookies:** + - Look for the "Cookies" section and find the cookies related to the session. + - In your case, there might be three rows of data: + - `Name: admin - Value: False` + - `Name: username - Value: admin` + - `Name: password - Value: admin` + +5. **Change admin Value:** + - Change the value of the `admin` cookie from `False` to `True`. + - This implies that we no longer need Joe's credentials. + +6. **Flag Display:** + - Return to the flag page or refresh it. + - You should now see the flag displayed on the page. + +In your case, the flag is: `picoCTF{th3_c0nsp1r4cy_l1v3s_6edb3f5f}`. +
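Review bot: Step 5 ("Change admin Value") never states the root cause. The write-up should say that the application makes its authorization decision from a client-controlled `admin` cookie, which is why editing `False` to `True` in DevTools is enough. The line "This implies that we no longer need Joe's credentials" could be replaced with a sentence to that effect, plus the fix: keep the admin flag in server-side session state, or sign the cookie and verify it on every request. The cookie list in step 4 also shows `username` and `password` stored as plain cookie values, which deserves a mention as a second finding. Style points: the second line uses `###` for what is a note rather than a heading, and it skips a level after `#`. "same as i did" should read "the same hint as I did". "In your case" in step 4 and in the last line is inconsistent with the first-person narration elsewhere ("I will use the credentials"). Since any credentials work, step 1 and the intro could be merged so that the admin/admin pair is not listed twice.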