Challenge
The thread of the challenge can be found here.
Solution
The site reads that you are logged in as guest. This challenge didn't have much to work with as there weren't any login pages, profile pages etc.
The focus of this challenge was how the site knows you are logged in with a certain account. This is generally achieved with the use of something called cookies (video).
To view and edit cookies in Chrome, right-click the page and choose Inspect (CTRL + SHIFT + I).
Click the Application tab at the top:
On the left-hand side, double-click 'Cookies' and select the current site (http://51.89.148.191/):
You will then see all active cookies for the page. To change a cookie's name or value, just double-click it.
Here you should have seen a cookie with the name 'userid':
This cookie was used to identify a user on the vulnerable site. The fact that this cookie was just a number hinted that increasing or decreasing the number may affect which user the site treats you as.
If you increased the 'userid' cookie's value to 1 and refreshed the page you would see the following:
This shows us that we can hijack user accounts by simply changing the value of the 'userid' cookie. If you changed the value of the cookie to 2, you would get the admin's session and see this:
And that was it! I hope everyone who attempted the challenge enjoyed it. I am now making an easy and hard challenge every week so feel free to follow me to stay updated.
Please leave any comments and questions on the challenge / solution below!
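The weakness described in the solution above, next to one way to close it, as an added example that is not the challenge site's own code. The user table, the key handling and the function names are assumptions made for illustration; only the cookie name 'userid' and the admin being id 2 come from the write-up.

```python
import hashlib
import hmac
import secrets

# Constructed user table; the write-up only shows that id 2 is the admin.
USERS = {0: "guest", 1: "user", 2: "admin"}
SERVER_KEY = secrets.token_bytes(32)  # kept on the server, never sent to the browser


def vulnerable_lookup(cookies):
    """Trusts whatever number the browser sends in 'userid'."""
    return USERS.get(int(cookies.get("userid", "0")), "guest")


def _tag(value):
    """HMAC-SHA256 over the cookie value, keyed with the server secret."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user_id):
    """Value the server would set after it has authenticated the user: 'id.tag'."""
    value = str(user_id)
    return f"{value}.{_tag(value)}"


def hardened_lookup(cookies):
    """Accept the id only if its tag verifies; anything else is treated as guest."""
    value, _, tag = cookies.get("userid", "").partition(".")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), _tag(value).encode()):
        return "guest"
    try:
        return USERS.get(int(value), "guest")
    except ValueError:
        return "guest"


if __name__ == "__main__":
    guest_cookie = issue_cookie(0)
    edited = "2." + guest_cookie.split(".", 1)[1]  # id changed, old tag reused
    print("vulnerable, userid=2      ->", vulnerable_lookup({"userid": "2"}))
    print("hardened, edited cookie   ->", hardened_lookup({"userid": edited}))
    print("hardened, untouched guest ->", hardened_lookup({"userid": guest_cookie}))
```

A signed value still exposes the numeric id to the browser; a random session identifier that the server maps to the user removes that as well.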
