CYCA2014 Walkthrough - Club Status

The Australian Cyber Security Challenge is a Capture the Flag hacking game in which you need to capture a flag, in other words accomplish a goal, to proceed to the next level. This particular challenge has several levels, but this report covers capturing the flags up to the third level. Burp Suite is the primary tool we use to accomplish this goal, so the browser should be connected to Burp Suite by setting the browser's proxy server to localhost or 127.0.0.1. The flags, in order, are:

  • Club Status
  • Om nom nom nom
  • Nonce-sense

Flag 1: Club Status

Here the goal is to become a VIP in order to access the blog, as only VIP users can access it.
First, go to the blog while using Burp Suite as the proxy.




Then make sure Intercept is on in Burp Suite.



Then go to Sessions and click "Open cookie jar" to check which cookies are being used.



We can now observe that there are two flags in the cookie jar, one of which is named "vip" and has the value 0. If we are able to set it to 1, we might be able to enter the blog.
So now click "Edit cookie" and change the value of the flag.



Now we go to the blog to see whether it was successful.



It was successful, and the first flag is captured.
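The flag falls because the server makes its access decision from a cookie value the client can edit. The sketch below is an added example, not the challenge's own code: it puts that trusting check beside a hardened one that only accepts the "vip" value when a server-side HMAC over it still matches. The function names, the "user" and "sig" cookies, and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def _tag(user: str, flag: str) -> str:
    """HMAC binding the vip flag to the user it was issued for."""
    return hmac.new(SERVER_KEY, f"{user}|{flag}".encode(), hashlib.sha256).hexdigest()

def is_vip_trusting(cookies: dict) -> bool:
    """Weak pattern: the privilege decision reads a client-editable cookie."""
    return cookies.get("vip") == "1"

def issue_cookies(user: str, vip: bool) -> dict:
    """Hardened pattern: send the flag together with a server-computed tag."""
    flag = "1" if vip else "0"
    return {"user": user, "vip": flag, "sig": _tag(user, flag)}

def is_vip_verified(cookies: dict) -> bool:
    """Accept the vip flag only if the server-issued tag still matches."""
    user, flag, sig = (str(cookies.get(k, "")) for k in ("user", "vip", "sig"))
    expected = _tag(user, flag)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(sig.encode(), expected.encode()) and flag == "1"

def demo() -> dict:
    # Constructed sample: cookies issued to a non-VIP user, then the same
    # jar after the "vip" value was changed from 0 to 1 on the client side.
    issued = issue_cookies("alice", vip=False)
    edited = dict(issued, vip="1")
    genuine = issue_cookies("bob", vip=True)
    return {
        "trusting_accepts_edit": is_vip_trusting(edited),
        "verified_accepts_edit": is_vip_verified(edited),
        "verified_accepts_original": is_vip_verified(issued),
        "verified_accepts_genuine": is_vip_verified(genuine),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Keeping the flag in a server-side session record, looked up by an unguessable session ID, avoids sending it to the client at all and is usually the simpler fix.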
