Another day, another challenge…
In today’s blog post, we’re going to solve level 5 from the Natas wargame challenge.
Going to the following link and entering the username “natas5” and the password “iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq”, we see the following:
After pressing “OK” we see:
Hmm… we see that we’re not logged in and access is disallowed.
Using Tamper Data, let’s see if the request headers show us a way to bypass the login feature.
Opening the Tamper Data application and refreshing the website, we see:
Hmm… inside the Cookie header there is a loggedin value that is currently set to 0. What if we change it to 1?
Changing the loggedin value to 1 and pressing Enter, we see:
We received the flag!
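The level works because the server trusts a login flag that the browser stores and can edit. As an added example (not the Natas server's code; the function names, the session cookie name and SECRET_KEY are assumptions made for illustration), here is that kind of check next to one that binds the login state to an HMAC so an edited cookie is rejected:

```python
import hashlib
import hmac

# Constructed key for this example; a real deployment loads it from a secret store.
SECRET_KEY = b"constructed-example-key"

def parse_cookie_header(header):
    """Parse a Cookie request header into a dict of name -> value."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def naive_is_logged_in(header):
    """Weak check: trusts a flag the client is free to edit."""
    return parse_cookie_header(header).get("loggedin") == "1"

def _mac(payload):
    """Hex HMAC-SHA256 of the cookie payload under the server-side key."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_session_cookie(username, logged_in):
    """Server side: emit 'session=<user>|<flag>|<mac>' so edits are detectable."""
    payload = f"{username}|{int(logged_in)}"
    return f"session={payload}|{_mac(payload)}"

def verified_is_logged_in(header):
    """Hardened check: accept the login state only if the MAC verifies."""
    value = parse_cookie_header(header).get("session", "")
    payload, sep, tag = value.rpartition("|")
    if not sep:
        return False
    # Constant-time comparison of the received tag with the recomputed one.
    if not hmac.compare_digest(tag.encode(), _mac(payload).encode()):
        return False
    _user, _, flag = payload.rpartition("|")
    return flag == "1"

if __name__ == "__main__":
    issued = issue_session_cookie("natas5", False)
    edited = issued.replace("natas5|0", "natas5|1")  # flag changed, MAC left as issued
    print(naive_is_logged_in("loggedin=1"))   # the plain flag is accepted as-is
    print(verified_is_logged_in(edited))      # the edited signed cookie is rejected
```

Keeping the login state in a server-side session and sending only a random session identifier to the browser avoids the problem in the same way: the client never holds a value whose meaning it can change.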