logon
Name: logon Description: The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at? https://jupiter.challenges.picoctf.org/problem/44573/ (link) or http://jupiter.challenges.picoctf.org:44573 Author: bobson Tags: Easy, Web Exploitation, picoCTF 2019 Challenge from: picoCTF 2019 Hints: 1. Hmm it doesn't seem to check anyone's password, except for Joe's?
Theory
According to the description, to get the flag we have to find some way of breaking a password portal or something like that, so we'll look through the code of the site with view source (accessible through Ctrl+U) and see if that gives us a hint about how to get the flag or whatever.
Solution
So we'll open the website and log in with Joe with a random password and see what happens:
I'm sorry Joe's password is super secure. You're not getting in that way.
Hmm, looks like Joe's account is really secure, let's try with random credentials:
We have logged in! But with a random user that doesn't seem to have flag permissions. Although I just noticed the link for this page is /flag, so this must have something great. I have checked the code of the page and there's nothing important there, let's check the cookies, maybe there's something:
Oh and would you look at that, there's a cookie called admin, and it's on false. I guess we can just change that to "True" and reload the page, and we get this:
So yeah, the flag is:
Flag: picoCTF{th3_c0nsp1r4cy_l1v3s_0c98aacc}
There we go! That's the flag.
I rated this level as "good"! :3
https://play.picoctf.org/practice/challenge/46