Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

Logon

Points: 150

Category

Web Exploitation

Question

I made a website so now you can log on to! I don't seem to have the admin password. See if you can't get to the flag. (link)

Hint

Hmm it doesn't seem to check anyone's password, except for admins?

How does check the admin's password?

Solution

Using any password and username, you will be able to login, however, upon logon,you will be greeted by:

Success: You logged in! Not sure you'll be able to see the flag though.
No flag for you

Upon inspection of cookies, it can be seen that there exists a cookie names admin with theh value false

admins		False			2018shell1.picoctf.com	/	1969-12-31T23:59:59.000Z	10
password	password		2018shell1.picoctf.com	/	1969-12-31T23:59:59.000Z	20
username	username		2018shell1.picoctf.com	/	1969-12-31T23:59:59.000Z	20

Changing the value of admin to True will result in the printing of the flag.

Working solution solve.py

Flag

picoCTF{l0g1ns_ar3nt_r34l_a280e12c}