Thursday, August 15, 2013

hackthissite.org Basic Challenge 10 | Shivang Desai

Hello,

Hackthissite basic challenge 10 says:
"This time Sam used a more temporary and 'hidden' approach to authenticating users, but he didn't think about whether or not those users knew their way around javascript..."

If you look closely, it is clear that the knowledge from "basic challenge 4 & 5" applies here once again.

The challenge mentions a "hidden approach" to authenticating the user. The best way to do this is via "cookies".

Before starting, I just entered a random password and submitted it. But the page that appeared said "You are not authorized to...."

So, getting back, it was time to check the cookies.
I used the add-ons named "Tamper Data" and "Live HTTP Headers" in Firefox. It's not mandatory to use these; I mention them as I am comfortable with them. You can also give "Firebug" a shot.

Through "Live HTTP Headers", I got the thing shown in the image below:



Here we see that we are not authorized, as the cookie has the value "no" for us.
To change this value, you can use JavaScript. But I preferred to use the add-on named "Tamper Data".
The next image shows the view of Tamper Data.


After changing the value to "yes", I submitted this request and got through.

BASIC CHALLENGE 10 solved...! Enjoy.
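
Seen from the server's side, the flaw is that authorization depends on a cookie value the client can edit. The block below is an added example, not code from the challenge or from this post: it contrasts that check with one that verifies an HMAC over the value. The cookie name `authorized`, the key handling and the sample cookies are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)  # server-side only; constructed for this example
COOKIE_NAME = "authorized"            # hypothetical name, not taken from the challenge


def weak_is_authorized(cookies):
    """Flawed pattern: trust whatever value the client sends."""
    return cookies.get(COOKIE_NAME) == "yes"


def _mac(value):
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign(value):
    """Return 'value.hexmac' so the value is bound to the server's secret."""
    return f"{value}.{_mac(value)}"


def hardened_is_authorized(cookies):
    """Accept only a cookie whose MAC verifies and whose value is 'yes'."""
    value, sep, mac = cookies.get(COOKIE_NAME, "").rpartition(".")
    if not sep:
        return False  # no MAC present at all
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    if not hmac.compare_digest(mac.encode(), _mac(value).encode()):
        return False
    return value == "yes"


def demo():
    """Run both checks against constructed cookies and return the verdicts."""
    issued = sign("no")                    # what an unauthenticated user receives
    old_mac = issued.rpartition(".")[2]    # MAC that only covers "no"
    return {
        "weak_original": weak_is_authorized({COOKIE_NAME: "no"}),
        "weak_edited": weak_is_authorized({COOKIE_NAME: "yes"}),
        "hardened_issued": hardened_is_authorized({COOKIE_NAME: issued}),
        "hardened_edited_plain": hardened_is_authorized({COOKIE_NAME: "yes"}),
        "hardened_edited_keep_mac": hardened_is_authorized({COOKIE_NAME: f"yes.{old_mac}"}),
        "hardened_server_yes": hardened_is_authorized({COOKIE_NAME: sign("yes")}),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Signing only stops the value from being edited; keeping the authorization state in a server-side session means the client never holds it at all.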




