I have started solving the Hacker101 CTF, which ranges from beginner-friendly to expert level, and I am trying to solve the easy levels. While solving them I encountered a challenge called PostBook, where the site is vulnerable to IDOR and to cookie manipulation, which we use to get the flags.
FLAG 0:
Hmmm, looks like a sign-in page. Well, time to brute-force it, because from the hint they gave we came to know the username is “user”.
So we gotta find the password. Well, try some common passwords like “qwerty”, “123456”, “pass”, and “password”. We find the password, which is “password”.
Alright, we got the flag. 6 more to go!!!
FLAG 1:
So from the hint we can get that we gotta mess around with the id.
So let’s check our id.
Okay, cool, the id is alphabetic, so why not change it to all the letters available, ranging from a to b (lowercase)? While changing and playing with it we can get into other people’s accounts. To me that sounds like IDOR. Yay, let’s go!
Not only can we log into others’ accounts, but we can also view their activity, so why not open it and change it? So I did.
And that’s how I got the flag. Simple, right? From the hint, changing the id gets us access to other people’s activity.
Alright, we got the flag. 5 more to go!!!
FLAG 2:
Looks like we gotta use our developer tools to find the flag, but they said specifically to check when creating a new post.
We inspected it, now what? Well, we gotta change it again, IDOR style: change the id and see the result. Make sure you know your own id first, then change it to someone else’s id and post it. Luckily you will get it.
FLAG 3:
Well, what’s 189*5? Why not calculate it? It is 945. Doesn’t that sound like an id? So let us find a place where it fits.
So I did try to replace it in all the places where I find the word “id”, but if you notice, we can see the word when editing someone’s post and in our own post itself, so I tried changing the id of our post to the result we got from 189*5.
So why not change it and see our result?
Alright, we got another flag. 3 more to go!!!
FLAG 4:
Hmm, I gotta edit someone else’s post. Sounds familiar, right?
Remember the Flag 2 method? Same thing, but different: instead of inspecting, we are changing the id in the URL itself.
This is our original post and we are editing it. Now, what if I change the id? Can I get access to someone else’s post, and can I edit their content?
In fact, yes, we can access their post and edit what they have written. Then what else is left? Just click save on the post and we get the flag.
Alright, we got the flag!!! 2 more to go!!!
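Flags 1 to 4 are all the same bug seen from different angles: the server trusts whatever post id or user id the request carries and never checks that the logged-in user actually owns that object. The block below is an added illustration, not the challenge's own code. It models a tiny PostBook as an in-memory class with the vulnerable handlers (view and edit by post id, create with a user id from the form) next to the fixed ones that bind every access to the session user. Post ids, user ids and post bodies are constructed for the demo.

```python
"""Object-level authorization: the IDOR pattern beside its fix.

Added example; the ids and bodies below are made up, not challenge data.
"""
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class Post:
    post_id: int
    owner_id: int
    body: str


@dataclass
class PostBook:
    posts: Dict[int, Post] = field(default_factory=dict)
    next_id: int = 1

    def _add(self, owner_id: int, body: str) -> Post:
        post = Post(self.next_id, owner_id, body)
        self.posts[post.post_id] = post
        self.next_id += 1
        return post

    # --- vulnerable handlers: the only "check" is that the request carries an id ---

    def view_post_vuln(self, post_id: int) -> Post:
        # Any logged-in user reads any post by guessing its sequential id (flags 1 and 3).
        return self.posts[post_id]

    def edit_post_vuln(self, post_id: int, body: str) -> Post:
        # The id in the URL is trusted; there is no ownership check (flag 4).
        post = self.posts[post_id]
        post.body = body
        return post

    def create_post_vuln(self, form_user_id: int, body: str) -> Post:
        # The owner comes from a form field the client controls (flag 2).
        return self._add(form_user_id, body)

    # --- fixed handlers: every object access is tied to the authenticated session user ---

    def _owned(self, session_user_id: int, post_id: int) -> Post:
        post = self.posts.get(post_id)
        # One error for both "missing" and "not yours" avoids confirming which ids exist.
        if post is None or post.owner_id != session_user_id:
            raise PermissionError("post not found or not owned by caller")
        return post

    def view_post_fixed(self, session_user_id: int, post_id: int) -> Post:
        # A real app would skip the ownership check for posts flagged public.
        return self._owned(session_user_id, post_id)

    def edit_post_fixed(self, session_user_id: int, post_id: int, body: str) -> Post:
        post = self._owned(session_user_id, post_id)
        post.body = body
        return post

    def create_post_fixed(self, session_user_id: int, body: str) -> Post:
        # The owner is the server-side session user, never a form value.
        return self._add(session_user_id, body)


def demo() -> dict:
    """User 2 tries to read, edit and impersonate user 1; compare both handler sets."""
    book = PostBook()
    victim = book._add(owner_id=1, body="hello everyone!")  # constructed
    book._add(owner_id=2, body="my own post")               # constructed
    results = {}
    results["vuln_view_owner"] = book.view_post_vuln(victim.post_id).owner_id
    results["vuln_edit_body"] = book.edit_post_vuln(victim.post_id, "edited by 2").body
    results["vuln_create_owner"] = book.create_post_vuln(1, "forged").owner_id
    for name, call in [
        ("fixed_view", lambda: book.view_post_fixed(2, victim.post_id)),
        ("fixed_edit", lambda: book.edit_post_fixed(2, victim.post_id, "x")),
    ]:
        try:
            call()
            results[name] = "allowed"
        except PermissionError:
            results[name] = "denied"
    results["fixed_create_owner"] = book.create_post_fixed(2, "mine").owner_id
    return results


if __name__ == "__main__":
    print(demo())
```

The fix is deliberately boring: the authorization decision lives in one helper that every handler calls, and the session user is the only source of identity. Sequential ids are not the bug by themselves, but they make a missing check trivial to find, so many apps also switch to random ids as defence in depth.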
FLAG 5:
We can see that we need to change the cookie to get access to the account which has the id of 1. Our cookie is just the MD5 hash of our id (MD5 is a hash, not encryption, and the hash of a small number is easy to look up), so from it we get the value of our id; then we generate the MD5 of the id value 1 and resend the request with that cookie, and we will get the flag.
So we need to change the cookie to the MD5 value of 1 and we will get the flag.
FLAG 6:
Alright, everything seems familiar: the task is nothing but modifying and playing around with the id value everywhere, on every page and element.
What we need to do is go directly to the delete element, and you can see there is an MD5 hash for the id value. You can see “hello everyone!” in blue on the right, which is a different user; go to that page and you can see their id, then come back to this page,
get their id value as an MD5 hash and…
paste the hash value we got for that user and delete the post.
There we go, we got the flag!!!
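Flags 5 and 6 share one root cause: the cookie is md5(user_id), and a hash of a guessable value with no server secret is not an authenticator, because anyone can compute it for any id. The block below is an added example, not the challenge's code. It models the weak scheme the way the server sees it, then shows the two usual fixes: an HMAC-signed value and an opaque random session id kept server side. The secret key, user ids and cookie strings are constructed for the demo.

```python
"""md5(user_id) as a cookie, beside an HMAC-signed cookie and an opaque session id.

Added example; SERVER_SECRET and the user ids are made up for the demo.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"  # random and private on a real server


# --- the scheme from the writeup: cookie = md5(str(user_id)) ---

def weak_cookie(user_id: int) -> str:
    return hashlib.md5(str(user_id).encode()).hexdigest()


def weak_lookup_user(cookie: str, max_id: int = 10_000) -> Optional[int]:
    """Server side: map the cookie back to a user id.
    No secret is involved, so any client can mint a valid cookie for any id;
    the server cannot tell a minted cookie from one it issued."""
    for uid in range(1, max_id + 1):
        if weak_cookie(uid) == cookie:
            return uid
    return None


# --- fix 1: keep the id in the cookie but sign it with a server-held secret ---

def signed_cookie(user_id: int) -> str:
    tag = hmac.new(SERVER_SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{tag}"


def signed_lookup_user(cookie: str) -> Optional[int]:
    try:
        uid_str, tag = cookie.split(".", 1)
        uid = int(uid_str)
    except ValueError:
        return None
    expected = hmac.new(SERVER_SECRET, uid_str.encode(), hashlib.sha256).hexdigest()
    # Constant-time compare so the tag cannot be guessed byte by byte.
    return uid if hmac.compare_digest(expected, tag) else None


# --- fix 2: opaque random session id; the id-to-user mapping never leaves the server ---

class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, int] = {}

    def login(self, user_id: int) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, not derivable from the id
        self._sessions[token] = user_id
        return token

    def lookup_user(self, token: str) -> Optional[int]:
        return self._sessions.get(token)


def demo() -> dict:
    """Compare how each scheme treats a genuine cookie and a forged or tampered one."""
    results = {}
    results["weak_me"] = weak_lookup_user(weak_cookie(17))          # I am user 17 (constructed)
    results["weak_minted_as_1"] = weak_lookup_user(weak_cookie(1))  # accepted: nothing secret to miss
    results["signed_me"] = signed_lookup_user(signed_cookie(17))
    forged = "1." + hashlib.sha256(b"1").hexdigest()                 # no SERVER_SECRET, wrong tag
    results["signed_forged"] = signed_lookup_user(forged)
    tampered = signed_cookie(17).replace("17.", "1.", 1)             # id changed, tag now stale
    results["signed_tampered"] = signed_lookup_user(tampered)
    store = SessionStore()
    results["opaque_me"] = store.lookup_user(store.login(17))
    results["opaque_guess"] = store.lookup_user(weak_cookie(1))      # a hash of an id is meaningless here
    return results


if __name__ == "__main__":
    print(demo())
```

Either fix works because the server now holds something the client cannot derive from a user id: the HMAC key or the random mapping. On the detection side, a burst of requests carrying cookies that decode to many different user ids from one client is a useful signal that the weak scheme is being probed.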
So, all in all, from this CTF I learned a lot about IDOR in practice and some cookie manipulation for stealing others’ sessions. UWU
I hope you learned something from this writeup; if so, like it :)
The most important thing I wanna say is: when you did the steps correctly and you didn’t get the result, it means the steps are correct but one last thing is missing, like actually posting the post. Back in the CTF I did get into another account but was blinking at why I am not getting the flag, then I realised that I need to make the post to get the flag XD
Happy Hacking!!!