Wed, Jan 06, 21
Welcome back to my walkthrough of hackthissite.org’s CTF missions. I will be going through my thought process of how I solved these missions, and therefore also giving away the solutions. If you came across this to give you hints, watch out for spoilers! Good luck, have fun.
This challenge is instantly different from the previous challenges. There is no hint available, and all we are presented with is a password form. So, backtracking to the challenges page we can see that the preface to this challenge is that Sam has moved to a more hidden approach to authenticating users but didnt think about whether they knew their way around javascript.
Going back to the challenge, the first thing that I will do is inspect the password form. The form makes a POST request to /missions/basic/10/index.php.
Doing a random password test reloads the same page but without the password field, simply a ‘you are not authorised’ message. Looking at the page, it doesn’t seem like this password check is done locally, but looking at the cookies of this webpage, we can see an interesting cookie: level10_authorized that has it’s value set to no. We can try to edit this field to yes and try to submit another request with some random password. Voila! We have completed this challenge! We could have edited the cookie with javascript, but google chrome dev tools allows you to directly edit cookies manually.