EG-CTF Tamp3rat0r Challenge

This is a write-up about ‘Tamp3rat0r’’ a web challenge from EG-CTF

So after checking the link given http://167.71.248.246/secure/ we found this!

Its and HTTP login form and the first thing that cames to my mind is to bypass it, first, let's try random values but basically nothing works the page reloads itself and ask for authentification and if you cancel it you get this

Let's run Burpsuite to understand more!

As you can see here, this is the response of the server after entering random values, in the last line our value encoded in base64, the protected resource is /secure/ so we need to find a way to reach it!

after searching in google I understood that Http login forms are vulnerable to something called Htaccess misconfiguration so basically we can exploit it, and this is how :

We need just to change the Get to Post in our request and Bingo! This is the Flag.

The best puzzles are not meant to be solved{fahdabida.com}

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store