Challenge: Admin has the power. CyberTalents CTF - Write up

Avinash Pratap Singh
Dec 23, 2020

This is my first write-up on Medium. This story is about the CTF on cybertalents.com. The challenge name is “Admin has the power”.

So let's begin with the challenge:

The CTF page looks like this when you visit the link:

CyberTalent : “Admin has the power” CTF challenge page

As the challenge says, we have to be admin in order to get the flag. As of now we do not have any login credentials, whether for admin or for a normal user. So just try some SQL injection or random login credentials.

Random Login Failed Attempt

So now inspect the source code of the page:

Page Source Code

As you can see, we have a lead now. Hurray, we have the login credentials of support, which were mistakenly left in the page source for the repair of the web page.

Now use these credentials to log in and get access to the support account.

Support Successful Login Page

Yeah. We are in. We have support privilege. But in order to get the flag we want admin privilege.

Let’s move on and inspect the page. On inspecting the code again, nothing suspicious is found.

Let’s inspect the session storage or cookies; that might give us some hint.

Cookie inspection

Here you can see that we have a cookie with a role set to support. Let’s mess with the role, as our aim is to get admin privilege.

Change this role to: admin

Role Changed to admin

Now that the role is changed to admin, refresh the page.

As you can see in the image, we got the flag.

Now submit the flag and you are good to go for the next challenge.
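Why the cookie edit above works, and one way to close it, shown as an added example that is not part of the original write-up or the challenge's code. The challenge's server code is not shown on the page, so the function names, the `role.tag` cookie format and the session id below are assumptions.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)   # server-side only, never sent to the browser
ROLES = {"support", "admin"}           # role names seen in the write-up


def role_from_plain_cookie(cookies):
    """Flawed pattern: the role is whatever the browser sends."""
    return cookies.get("role", "guest")


def _tag(session_id, role):
    # session_id is assumed to be server-generated and to contain no "|".
    msg = f"{session_id}|{role}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_role_cookie(session_id, role):
    """Cookie value of the form role.tag, bound to one session."""
    if role not in ROLES:
        raise ValueError("unknown role")
    return f"{role}.{_tag(session_id, role)}"


def role_from_signed_cookie(session_id, cookies):
    """Return the role only if its tag verifies for this session, else 'guest'."""
    role, sep, tag = cookies.get("role", "").rpartition(".")
    if not sep or role not in ROLES:
        return "guest"
    # Compare as bytes in constant time; a non-ASCII str would raise TypeError.
    if not hmac.compare_digest(tag.encode(), _tag(session_id, role).encode()):
        return "guest"
    return role


if __name__ == "__main__":
    sid = "constructed-session-id"                      # constructed sample value
    good = {"role": issue_role_cookie(sid, "support")}
    edited = {"role": "admin." + good["role"].split(".", 1)[1]}
    print(role_from_plain_cookie({"role": "admin"}))    # edited value is accepted
    print(role_from_signed_cookie(sid, good))
    print(role_from_signed_cookie(sid, edited))
```

Keeping the role in a server-side session store keyed by the session id avoids sending it to the browser at all.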

Follow me on Medium and follow my page on Instagram: @hackersdad_
