Logon

March 13, 2025

Problem Description

*The factory is hiding things from all of its users. Can you login as Joe and find what they’ve been looking at? https://jupiter.challenges.picoctf.org/problem/44573/ (link) or http://jupiter.challenges.picoctf.org:44573

Tools Used

  • Web Inspect

Solution Steps

  1. Checking how is validation is done
    it say to login as Joe but when trying to I got

    Local Authority Image 1

    then let’s try random credentials and see what happens. I used me and 1234 and got

    Local Authority Image 1

    Good a step forward. let’s see the request on burp suite

    Local Authority Image 1

    the website sets a cookie of admin=False I think this is preventing me from getting the flag.

  2. Investigating the cookies
    I tried setting the admin cookie in the request but didn’t work. Then I tried the cookie editor extension but no cookies showed in it. So it’s time to use the web inspect, I opened the application and here we go

    Local Authority Image 1

    Then by editing the admin value to True we get the flag.

    Local Authority Image 1

Tags:

Categories: