🌐 Findme

A detailed write-up of the Web challenge 'Findme' from PicoCTF - 2023

/images/PicoGym/PicoCTF-2023/Findme/challenge_presentation.png
Challenge Presentation

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | picoGym | Event Link |
| 🔰 Category | Web | 🌐 |
| 💎 Points | | Out of 500 total |
| ⭐ Difficulty | 🟡 Medium | Personal Rating: 1/10 |
| 👤 Author | Geoffrey Njogu | Profile |
| 🎮 Solves (at the time of flag submission) | 20.563 | solve rate |
| 📅 Date | 10-02-2025 | picoGym |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

📝 Challenge Information

Help us test the form by submitting the username as test and password as test!

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

/images/PicoGym/PicoCTF-2023/Findme/site_presentation.png
Site Presentation

It is a plain login form. As the challenge description suggests, I tried user=test and password=test, but got the following screen:

/images/PicoGym/PicoCTF-2023/Findme/test_test.png
Login Attempt

So I tried user=test and password=test! (with the exclamation mark, as the error screen hints) and managed to log in:

/images/PicoGym/PicoCTF-2023/Findme/login.png
Login

Inspecting the logged-in page turned up nothing of interest, but watching the browser's URL bar at the moment of login I noticed two quick redirects before landing on the final page. The interesting data therefore had to be in the intermediate responses, so I decided to inspect the requests. Let's move on to exploitation.

🎯 Solution Path

Exploitation Steps

Initial setup

To analyze the requests I did not bother with BurpSuite, since it was only two redirects. Instead I enabled the Preserve log checkbox in the Network tab of Chrome DevTools: without it, Chrome clears the network log on every navigation, so the intermediate 3xx responses would vanish as soon as the browser followed them.

Exploitation

Logging in again with the Network tab open, the two redirects now stay in the log and can be inspected:

/images/PicoGym/PicoCTF-2023/Findme/flag_base64.png
Flag Base64

From here, I noticed that each redirect's Location URL carries an id parameter containing what looks like a base64 string, so I decoded the first one:

echo cGljb0NURntwcm94aWVzX2Fs | base64 -d

/images/PicoGym/PicoCTF-2023/Findme/first_piece.png
First Piece

This gives the first part of the flag. Next, I decoded the second one:

echo bF90aGVfd2F5XzNkOWUzNjk3fQ== | base64 -d

/images/PicoGym/PicoCTF-2023/Findme/second_piece.png
Second Piece

This recovers the second part of the flag. I then concatenated the two base64 strings and decoded them in one go. Note that this only works because the first piece is 24 characters long (a multiple of 4, so it carries no padding); if the split had left padding in the middle of the joined string, base64 would stop decoding at the first "=" and the pieces would have to be decoded separately and joined as plaintext.

echo cGljb0NURntwcm94aWVzX2FsbF90aGVfd2F5XzNkOWUzNjk3fQ== | base64 -d

This prints the full flag.

Flag capture

/images/PicoGym/PicoCTF-2023/Findme/manual_flag.png
Manual Flag

🛠️ Exploitation Process

Approach

The automatic exploit sends the login request without following redirects, reads the Location header of the response and extracts the first part of the flag from its id parameter. It then issues a GET request to site URL + that Location path, again without following redirects, pulls the second Location URL (with the second part of the flag) out of the response using a regex, base64-decodes both pieces, and prints the assembled flag.

🚩 Flag Capture

Flag: picoCTF{proxies_all_the_way_3d9e3697}

Proof of Execution

/images/PicoGym/PicoCTF-2023/Findme/automated_flag.png
Automated Flag
Screenshot of successful exploitation

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |
| ChromeDevTools | Web Testing |

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:03 | From start to flag |
| Global Ranking (at the time of flag submission) | | Challenge ranking |
| Points Earned | | Team contribution |

Created: 10-02-2025 • Last Modified: 10-02-2025 • Author: mH4ck3r0n3 • Team: