This is a write-up about ‘Tamp3rat0r’’ a web challenge from EG-CTF
So after checking the link given http://18.104.22.168/secure/ we found this!
Its and HTTP login form and the first thing that cames to my mind is to bypass it, first, let's try random values but basically nothing works the page reloads itself and ask for authentification and if you cancel it you get this
Let's run Burpsuite to understand more!
As you can see here, this is the response of the server after entering random values, in the last line our value encoded in base64, the protected resource is /secure/ so we need to find a way to reach it!
after searching in google I understood that Http login forms are vulnerable to something called Htaccess misconfiguration so basically we can exploit it, and this is how :
We need just to change the Get to Post in our request and Bingo! This is the Flag.