CSAW CTF 2012: Web 1

This entry was posted on Oct 07 2012

Here we were given a login form and a piece of text instructing us to bypass the authentication.

http://128.238.66.216/c4ca4238a0b923820dcc509a6f75849b/



Lara Anderton needs to break into PreCrime to free her husband, but they just installed a fancy new security system. Help her break into it!

When the login form first appeared, we inspected its cookies using the Mozilla Firefox add-on “Live HTTP Headers”. We found a couple of them:


auth=0

user: Lara+Anderton

First we tried setting auth=1 and “Replay”-ed the POST request. The result was:

*Eyeballs.*

The next attempt was to set auth=1 and user=admin. This time we didn’t return empty-handed. It displayed the following text:


*Eyeballs.*key{I'd like a word with my husband.}

Solution: I'd like a word with my husband.
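
The server's code is not shown in this write-up. The sketch below is an added example (not the challenge's code) that assumes the check read the `auth` and `user` cookies directly, and sets it beside a version that only accepts state the server itself signed with an HMAC. The function names, the `session` cookie format and the key are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed secret for the example; a real server loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)


def is_admin_vulnerable(cookies):
    """Assumed shape of the flawed check: trusts client-supplied cookie values."""
    return cookies.get("auth") == "1" and cookies.get("user") == "admin"


def _mac(payload):
    """Hex HMAC-SHA256 of the payload under the server-side key."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user, authenticated):
    """Called by the server only after it has verified credentials itself."""
    payload = f"{user}|{int(authenticated)}"
    return {"session": f"{payload}|{_mac(payload)}"}


def is_admin_hardened(cookies):
    """Accepts only server-signed state; edited or forged cookies fail the MAC."""
    payload, sep, tag = cookies.get("session", "").rpartition("|")
    if not sep:
        return False
    # Compare as bytes in constant time so a non-ASCII tag cannot raise.
    if not hmac.compare_digest(tag.encode(), _mac(payload).encode()):
        return False
    user, _, auth = payload.rpartition("|")
    return auth == "1" and user == "admin"


if __name__ == "__main__":
    # Cookie values as edited in the write-up.
    edited = {"auth": "1", "user": "admin"}
    print("trusting check accepts edited cookies:", is_admin_vulnerable(edited))
    print("signed check accepts edited cookies:  ", is_admin_hardened(edited))

    # Reusing a valid tag with a changed payload is rejected as well.
    lara = issue_session("Lara+Anderton", False)
    tag = lara["session"].rpartition("|")[2]
    print("signed check accepts re-used tag:     ",
          is_admin_hardened({"session": "admin|1|" + tag}))
```

Keeping the authentication state in a server-side session store, with only an opaque random identifier in the cookie, removes the client-editable fields altogether.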
