Monday, September 23, 2013

CSAW CTF Quals: Web 100

Web 100 – Guess Harder

Probably one of the simplest challenges of the competition. When you navigate to the website, you are given a password form and a statement saying “You will never guess my password!”

Immediately we turned on Tamper Data in Firefox to look at what was being passed by the form. The only thing that was strikingly obvious was that the cookie being sent contained a variable called ‘admin’ that was set to ‘false’. We set it to ‘true’ and sent it on its way.

And upon return, we got key{told_ya_you_wouldnt_guess_it}.


- shdwstrk
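
An added example, not part of the original writeup or the challenge's code: a Python sketch of the flaw this challenge relies on (a server trusting a client-set ‘admin’ cookie) next to a check that rejects a flipped flag. The function names, the `sig` cookie and the HMAC scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def parse_cookie(header: str) -> dict:
    """Split a Cookie header ('a=1; b=2') into a dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}


def is_admin_vulnerable(cookie_header: str) -> bool:
    """Flawed pattern: the client's own claim is the authorization decision."""
    return parse_cookie(cookie_header).get("admin") == "true"


def _tag(value: str) -> str:
    """HMAC-SHA256 over the flag, computable only with SERVER_KEY."""
    return hmac.new(SERVER_KEY, f"admin={value}".encode(), hashlib.sha256).hexdigest()


def issue_cookie(admin: bool) -> str:
    """Hardened issue step: send the flag together with its server-computed tag."""
    value = "true" if admin else "false"
    return f"admin={value}; sig={_tag(value)}"


def is_admin_hardened(cookie_header: str) -> bool:
    """Hardened check: recompute the tag, compare in constant time, fail closed."""
    cookie = parse_cookie(cookie_header)
    value, sig = cookie.get("admin", ""), cookie.get("sig", "")
    # Compare as bytes so a non-ASCII sig from the client cannot raise TypeError.
    valid = hmac.compare_digest(sig.encode(), _tag(value).encode())
    return valid and value == "true"


if __name__ == "__main__":
    issued = issue_cookie(admin=False)  # constructed: what an ordinary visitor gets
    tampered = issued.replace("admin=false", "admin=true")  # flag edited client-side
    print("vulnerable check, tampered cookie:", is_admin_vulnerable(tampered))
    print("hardened check, tampered cookie:  ", is_admin_hardened(tampered))
    print("hardened check, genuine admin:    ", is_admin_hardened(issue_cookie(True)))
```

The signed cookie here is not bound to a user or an expiry time, so a real deployment would add both, or keep the role in server-side session state and send the client only an opaque session identifier.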

