Logon

Problem Description

*The factory is hiding things from all of its users. Can you login as Joe and find what they’ve been looking at? https://jupiter.challenges.picoctf.org/problem/44573/ (link) or http://jupiter.challenges.picoctf.org:44573

• Target: https://jupiter.challenges.picoctf.org/problem/44573/
• Goal: extract a flag
• Initial Observations: Nothing interesting

Tools Used

• Web Inspect

Solution Steps

1. Checking how is validation is done
   it say to login as Joe but when trying to I got

   then let’s try random credentials and see what happens. I used me and 1234 and got

   Good a step forward. let’s see the request on burp suite

   

   the website sets a cookie of admin=False I think this is preventing me from getting the flag.

2. Investigating the cookies
   I tried setting the admin cookie in the request but didn’t work. Then I tried the cookie editor extension but no cookies showed in it. So it’s time to use the web inspect, I opened the application and here we go

   Then by editing the admin value to True we get the flag.