Web2, Web, 200pts
March 26, 2017 ยท View on GitHub
Problem
There are two kinds of people in this world. One with all the privileges and the others. Can you get the flag by eating some British biscuit?
Solution
We get a website with register and login form.
After registering with username and password stack:stack I logged in and saw the welcome screen:
There were two cookies set (u and r). Their values starts from the same string (351e766803). I registered two other users and found that MD5 hashes of username and limited string are added and saved as u and r cookie respectively (those stands for, probably, user and role)
For user stack with password stack it was:
u=351e766803fac2a47adace059aff113283a03f6760 //stack
r=351e766803d63c7ede8cb1e1c8db5e51c63fd47cff //limited
So the solution was simply to change those two cookies into representing admin as a user and admin as a role:
u=351e76680321232f297a57a5a743894a0e4a801fc3 //admin
r=351e76680321232f297a57a5a743894a0e4a801fc3 //admin
where 351e766803 is shared part and 21232f297a57a5a743894a0e4a801fc3 is MD5 hash of string admin.
And it was the right solution:
Flag: flag{bb6df1e39bd297a47ed0eeaea9cac7ee}