Points: 100 points + bonus 20
- In this box we can see that guest is enabled.
- So, try to login with username guest and password guest
- Then it shows that there is an admin account. So, we need to exploit it. But don’t know the username and password.
- Then we can try running a fuzzing script. But it will not break.
- While analyzing the cookie, we will get that it is a base64 encryption of something.
- From this we can identify that these two cookies have some relation.
- Decode these to base 64, then auth will become,
And check will become
- From this we can find that check is the base64 encoded value of auth.
- Change auth to
and Base64 Encode this and paste to auth cookie, also make its md5 and base64 encode It, then paste to check cookie.
- Reload the page and you will get the flag.