[ Day3 ] Web 小可爱

昨天我们解了 Web 50分的题目,今天要来挑战100分的罗

有人在期待吗??
哈哈 我想没有的
我从滑板课下课後立马赶回来写文章
多捧场一下嘛~

logon

The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at? https://jupiter.challenges.picoctf.org/problem/13594/ (link) or http://jupiter.challenges.picoctf.org:13594

Hints

Hmm it doesn't seem to check anyone's password, except for Joe's?

有人猜到这题在考什麽ㄇ?

cookie

是浏览器的小型文字档,提供网路应用程序储存资料纪录(session, ID)

我们 link 点下去後,出现这张图

我输入 username : kaka
password : 123tty

解果出现下图

再来怎麽办呢?
还记得我们昨天有用右键检视网页原始码
‵‵`

<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet">

<link href="https://getbootstrap.com/docs/3.3/examples/jumbotron-narrow/jumbotron-narrow.css" rel="stylesheet">

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>

<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>

<div class="container">
    <div class="header">
        <nav>
            <ul class="nav nav-pills pull-right">
                <li role="presentation" class="active"><a href="/">Home</a>
                </li>
                <li role="presentation"><a href="/logout" class="btn btn-link pull-right">Sign Out</a>
                </li>
            </ul>
        </nav>
        <h3 class="text-muted">Factory Login</h3>
    </div>
    
    <!-- Categories: success (green), info (blue), warning (yellow), danger (red) -->
    
  
  <div class="jumbotron">
    <p class="lead"></p>
    <div class="login-form">
        <form role="form" action="/login" method="post">
            <div class="form-group">
                <input type="text" name="user" id="email" class="form-control input-lg" placeholder="Username">
            </div>
            <div class="form-group">
                <input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password">
            </div>
        </div>
        <div class="row">
            <div class="col-xs-12 col-sm-12 col-md-12">
                <input type="submit" class="btn btn-lg btn-success btn-block" value="Sign In">
            </div>
        </div>
    </form>
</div>
<footer class="footer">
    <p>© PicoCTF 2019</p>
</footer>

要怎麽让网站知道登入的帐号是不是 Admin?
答对了! 就是 Cookie
我们按右键->检查 (就是常用的 F12啦)

Application -> Cookies -> 目前的所在网站

睁大眼睛
有看到我刚刚打的帐密ㄇ
有吧有吧,就在上面

你看 Admin 那里是false

我们把他按右键Edit"Value"

改成Ture
再按重新整理页面

Flag 就生出来啦!!!

Flag: picoCTF{th3_c0nsp1r4cy_l1v3s_d1c24fef}

开心又解出一题了

我们成功解出100分的题目嗷 :)

明天见罗