This level seems a lot tougher than the previous levels, as it does not tell us what we need to do. Yes, the intro does tell us that knowledge of JavaScript might be helpful, but it still gives no clue as to how.
This time Sam used a more temporary and “hidden” approach to authenticating users, but he didn’t think about whether or not those users knew their way around javascript…
Well, we can try all the tricks we have learnt so far, but none of them seems to work. The task is to think of something that is temporary and hidden from users. Haven’t figured it out yet?
OK, what we are talking about here are cookies. A cookie is a small piece of data saved in your browser by a server. Every saved cookie has its own specific name, and cookies are used to hold values like passwords, usernames and other information, which change from one site to another.
The next task for us is to find out the name of the cookie and change its value to complete the level. There are two ways to do this: either by using JavaScript or, the simpler way, by using Fire Cookie.
I chose to do this using Fire Cookie. You will need to install both add-ons, Firebug and Fire Cookie, for this to work. When you are ready with Fire Cookie, refresh the page and press F12 to open the Firebug tool. Under the Cookies tab you will see the cookie named ‘level10_authorized’ with the value ‘no’; all you need to do is change it to ‘yes’ and press submit.
What did we learn?
Cookies are small units of data, and almost every site that you visit sets a cookie in your browser. Most of the time they are encrypted and are not a threat, but one like this one, whose plain value decides whether the user is authorized and can be edited in the browser, can be a great danger to security.
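The lesson above as an added example, not code from the original post or from the challenge site: a server-side check that trusts the plain value of "level10_authorized", next to one that only accepts a value carrying an HMAC tag the server issued. The server logic, the key handling and the function names are assumptions; the page shows only the cookie name and its two values.

```javascript
const crypto = require('crypto');

// Constructed demo key; a real service loads its key from secret storage.
const KEY = crypto.randomBytes(32);

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) jar.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return jar;
}

// Weak pattern (assumed to mirror the level): trust the cookie's plain value.
function weakIsAuthorized(header) {
  return parseCookies(header).get('level10_authorized') === 'yes';
}

// Hardened: the server issues value.tag, where tag = HMAC-SHA256(KEY, name=value).
function issue(name, value) {
  const tag = crypto.createHmac('sha256', KEY).update(`${name}=${value}`).digest('hex');
  return `${name}=${value}.${tag}`;
}

function signedIsAuthorized(header) {
  const raw = parseCookies(header).get('level10_authorized') || '';
  const dot = raw.lastIndexOf('.');
  if (dot < 0) return false; // unsigned cookie: reject
  const value = raw.slice(0, dot);
  const tag = Buffer.from(raw.slice(dot + 1), 'hex');
  const want = crypto.createHmac('sha256', KEY)
    .update(`level10_authorized=${value}`).digest();
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (tag.length !== want.length || !crypto.timingSafeEqual(tag, want)) return false;
  return value === 'yes';
}
```

Keeping the authorization flag in server-side session state, with only a random session identifier in the cookie, removes the client-held value altogether.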
Good luck!!!
How do you do this with javascript?
javascript:alert(document.cookie); to bring up the cookie info, then javascript:void(document.cookie="level10_authorized = yes")
@anaryl this doesn’t work, I think we need to use XSS here
I just fire up Inspect Element and go to Storage, where the cookies are, and just change the Level10_authorized to YES and voila..! It’s passed
Intercept with Burp Suite and change it on the fly…