Open in app

Sign in

Write

Sign in

EG-CTF Tamp3rat0r Challenge

Eddie Mora
2 min readNov 17, 2019

--

This is a write-up about ‘Tamp3rat0r’’ a web challenge from EG-CTF

So after checking the link given http://167.71.248.246/secure/ we found this!

Its and HTTP login form and the first thing that cames to my mind is to bypass it, first, let's try random values but basically nothing works the page reloads itself and ask for authentification and if you cancel it you get this

Let's run Burpsuite to understand more!

As you can see here, this is the response of the server after entering random values, in the last line our value encoded in base64, the protected resource is /secure/ so we need to find a way to reach it!

after searching in google I understood that Http login forms are vulnerable to something called Htaccess misconfiguration so basically we can exploit it, and this is how :

We need just to change the Get to Post in our request and Bingo! This is the Flag.

Security
Ctf Writeup
Ctf2019
Hacking

--

--

Eddie Mora

Written by Eddie Mora

169 Followers

The best puzzles are not meant to be solved{fahdabida.com}

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams