Crack the Gate 1
We’re in the middle of an investigation. One of our persons of interest, ctf player, is believed to be hiding sensitive data inside a restricted web portal. We’ve uncovered the email address he uses to log in: ctf-player@picoctf.org. Unfortunately, we don’t know the password, and the usual guessing techniques haven’t worked. But something feels off... it’s almost like the developer left a secret way in. Can you figure it out?
We are presented with a login page and an email address, but brute-force attempts have not worked, so we need to find another way to log in.
Let’s take a look at the page source code. We will find a very interesting thing.
That looks like a cipher, so let’s use dcode to identify it. It turns out to be ROT13. Let’s see what it says:
NOTE: Jack - temporary bypass: use header "X-Dev-Access: yes"
So now we have our way in. Let’s use Burp to intercept the request and add our header.
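The root cause here is a developer note shipped in the page source with only ROT13 hiding it. As an added example (not part of the original writeup or the challenge's code), here is a pre-release check that scans HTML comments both as written and ROT13-decoded and flags risky wording. The keyword list, function names and sample page are assumptions constructed for illustration.

```python
import codecs
import re

# Words that should never survive into shipped markup, even obfuscated (assumed list).
SUSPICIOUS = ("bypass", "password", "secret", "header", "temporary", "backdoor")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)


def rot13(text):
    """ROT13 rotates only A-Z/a-z; digits and punctuation pass through unchanged."""
    return codecs.decode(text, "rot_13")


def audit_comments(html):
    """Return (encoding, comment_text, matched_words) for each risky HTML comment."""
    findings = []
    for raw in COMMENT_RE.findall(html):
        comment = raw.strip()
        # Check the comment as written and as it reads after ROT13 decoding.
        for encoding, candidate in (("plain", comment), ("rot13", rot13(comment))):
            lowered = candidate.lower()
            hits = [word for word in SUSPICIOUS if word in lowered]
            if hits:
                findings.append((encoding, candidate, hits))
    return findings


# Constructed sample page: the note is the decoded text quoted in the writeup,
# re-encoded here so the scanner has something to find.
NOTE = 'NOTE: Jack - temporary bypass: use header "X-Dev-Access: yes"'
SAMPLE_PAGE = f"""<html><body>
<!-- login form -->
<form method="post"><input name="email"><input name="password" type="password"></form>
<!-- {rot13(NOTE)} -->
</body></html>"""

if __name__ == "__main__":
    for encoding, text, hits in audit_comments(SAMPLE_PAGE):
        print(f"[{encoding}] {text!r} matched {hits}")
```

Run in a build pipeline over rendered templates, a non-empty result should fail the release. The lasting fix is to remove the header-based bypass on the server, since deleting the comment alone leaves the bypass in place.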