Here is the Mission 'Statement'. Pretty Awesome if you ask me.
Level 1 Challenge: Unlock Me
This was the first challenge, gotta admit, it wasn't easy for me actually. So you only have the Username and Password to Login and thats basically is the flag to capture.
First things first, i looked for any hardcoded credentials and this usually can be found in the page source.
Analysing the page source, i find only what seems to be a Username. Upon further analysis, there's no passwords that can be found. That's it, im done...for a while..
Then i noticed the 'Forgot Password'. Hmm..... looks interesting.
And when i clicked on it, it asked for the Username. Wait! We do have a Username! Input the username and type in 'Get Password'
Password is sent to the registered email! But wait, i did not provide any email in the first place. Taking a look at the URL, i see the good old Parameter values. Yeap, there's a parameter called 'emailid=' and its using 'demo@example.com'.
So the next step is to test by putting in my valid email address and execute the URL. Again, Password successfully sent.
To test if this works, i logged into my email address and fair enough, the password is provided!
With the received password, input both the username and password and click Login. Oh yeah! Houston, we just successfully captured the first flag!!!
Onto the next Level!!!!
No comments:
Post a Comment