Monday, June 17, 2013

3dub 1 - DEF CON Quals 2013 badmedicine writeup

This challenge started off with a login page. If you tried to log in as 'admin', it would say that doing so was disabled.

So, I started up Burp's proxy to see everything that was being sent.
I then attempted to log in as a user other than 'admin' and noticed that it also sent a cookie.

Then I attempted to log in as 'bdmin'.

It sent the cookie: '0ac8259ca0'
I then attempted 'cdmin' and received the cookie: '0bc8259ca0'

So, assuming there was a pattern, I figured the cookie for 'admin' was: '098259ca0'

I sent a username and then edited the cookie to '098259ca0'.

The key is: who wants oatmeal raisin anyways twumpAdby

... I prefer chocolate chip
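
The pattern seen above, where one cookie byte changes with one username character, is what a byte-for-byte encoding with no integrity check looks like. The following is an added example, not code from the challenge or from this post: it assumes the cookie is the username XORed with a fixed keystream (an assumption that fits the 'bdmin' and 'cdmin' values above) and sets that scheme beside an HMAC-signed cookie that rejects an edited value. All function names and the server key are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the cookie is the username XORed with a fixed keystream. The
# keystream is derived here from the one pair the post observed for 'bdmin'.
KEYSTREAM = bytes(a ^ b for a, b in zip(b"bdmin", bytes.fromhex("0ac8259ca0")))

def weak_cookie(username: str) -> str:
    """Unauthenticated cookie: each byte depends on one username byte only."""
    data = username.encode()
    if len(data) > len(KEYSTREAM):
        raise ValueError("username longer than the constructed keystream")
    return bytes(c ^ k for c, k in zip(data, KEYSTREAM)).hex()

def weak_decode(cookie: str) -> str:
    """What a server trusting the weak cookie recovers; nothing is verified."""
    raw = bytes.fromhex(cookie)
    return bytes(c ^ k for c, k in zip(raw, KEYSTREAM)).decode(errors="replace")

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret

def signed_cookie(username: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: the username plus an HMAC-SHA256 tag over it."""
    data = username.encode()
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    return f"{data.hex()}.{tag}"

def verify_signed(cookie: str, key: bytes = SERVER_KEY):
    """Return the username if the tag verifies, otherwise None."""
    try:
        data_hex, tag = cookie.split(".")
        data = bytes.fromhex(data_hex)
    except ValueError:
        return None
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return data.decode(errors="replace")

def flip_first_byte(hex_value: str) -> str:
    """Simulate a client editing the first byte of a cookie value."""
    raw = bytearray.fromhex(hex_value)
    raw[0] ^= 0x01
    return raw.hex()
```

With the weak scheme, a one-byte edit to the 'bdmin' cookie decodes as 'cdmin'; the same edit to the signed cookie fails verification because the tag no longer matches.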

