当前位置:网站首页>Cookie is used to collect the admin privileges CTF foundation problem
Cookie is used to collect the admin privileges CTF foundation problem
2022-08-02 04:01:00 【SevenCold】
A very basic ctf cookie question, if you don't know much about cookies, you can go here to see
https://blog.csdn.net/playboyanta123/article/details/79464684
Not much to say, go directly to the picture.
Source code is something useless.
According to the meaning of the question, we directly use burp to intercept and change the cookie
If the permission is insufficient after the naked packet capture, we directly change the cookie.
Comparing the u and r in the cookie, it will be found that both start with 351e766803, so let's decrypt (MD5) the following things.
Found that u is username and r is limited.
So we have to change the latter to get admin privileges.
is to change both u and r to 351e766803+md5 (admin), which is 351e76680321232f297a57a5a743894a0e4a801fc3.
Done!flag it appeared!
边栏推荐
- Shuriken: 1 vulnhub walkthrough
- (5) Modules and packages, encoding formats, file operations, directory operations
- 2. PHP variables, output, EOF, conditional statements
- Thread Pool (Introduction and Use of Thread Pool)
- [campo/random-user-agent] Randomly fake your User-Agent
- SQL classification, DQL (Data Query Language), and corresponding SQL query statement demonstration
- Baidu positioning js API
- Batch replace file fonts, Simplified -> Traditional
- [sebastian/diff] A historical change extension library for comparing two texts
- PHP8.2 version release administrator and release plan
猜你喜欢
hackmyvm-hopper walkthrough
Offensive and defensive world - novice MISC area 1-12
4. The form with the input
Phonebook
Introduction to PHP (self-study notes)
Eric靶机渗透测试通关全教程
一个网络安全小白鼠的学习之路—nmap高级用法之脚本使用
ES6 array extension methods map, filter, reduce, fill and array traversal for…in for…of arr.forEach
(3) Thinkphp6 database
![[league/climate] A robust command-line function manipulation library](/img/ce/39114b1c74af649223db97e5b0e29c.png)
[league/climate] A robust command-line function manipulation library
随机推荐
hackmyvm: again walkthrough
hackmyvm: controller walkthrough
PHP realizes the automatic reverse search prompt of the search box
(8) requests、os、sys、re、_thread
Xiaoyao multi-open emulator ADB driver connection
Solve the problem of uni - app packaged H5 website to download image
战场:3(双子叶植物)vulnhub走读
4. The form with the input
[symfony/finder] The best file manipulation library
12.什么是JS
Solve the problem of Zlibrary stuck/can't find the domain name/reached the limit, the latest address of Zlibrary
hackmyvm-bunny预排
(2)Thinkphp6模板引擎**标签
(8) requests, os, sys, re, _thread
Scrapy crawler encounters redirection 301/302 problem solution
(5) Modules and packages, encoding formats, file operations, directory operations
(3) string
ES6 iterator explanation example
PHP8.2 version release administrator and release plan
Baidu positioning js API