30
Sep
2012

CSAW 2012 – Web 100

http://128.238.66.216/c4ca4238a0b923820dcc509a6f75849b/
Lara Anderton needs to break into PreCrime to free her husband, but they just installed a fancy new security system. Help her break into it!

The website http://128.238.66.216/c4ca4238a0b923820dcc509a6f75849b/ shows us the following login screen:

The website is setting a Cookie, when looking at the cookie we see it sets two variables

Auth = 0
User = Lara Anderton

We change these variables to:

Auth = 1
User = admin

After changing the variables we request the website again, which results in:

And there is our key: key{I’d like a word with my husband.}

KEY: I’d like a word with my husband.

{2 Responses to “CSAW 2012 – Web 100”}

  1. Hi,

    How do you change the cookie variables?

    anon
  2. Hi,

    How do you change the cookie variables?

    anon