### {Day3} Web Cutie

#### Yesterday we solved the 50-point Web challenge, so today we take on the 100-point one

Is anyone looking forward to it?? Haha, I guess not.
I rushed home right after my skateboarding class to write this post, so show a little support~

## logon

> The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at? https://jupiter.challenges.picoctf.org/problem/13594/ (link) or http://jupiter.challenges.picoctf.org:13594

### Hints

Hmm it doesn't seem to check anyone's password, except for Joe's?

Has anyone guessed what this challenge is testing?

### cookie

A cookie is a small text file kept by the browser that lets a web application store data records (session, ID).

After we click the link, this page appears.

I entered
username : kaka
password : 123tty

The result is the page below.

What next?
Remember that yesterday we used **right-click** to view the page source:

```html
<html lang="en">
<head>
    <title>Factory Login</title>
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://getbootstrap.com/docs/3.3/examples/jumbotron-narrow/jumbotron-narrow.css" rel="stylesheet">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
    <div class="container">
        <div class="header">
            <nav>
                <ul class="nav nav-pills pull-right">
                    <li role="presentation" class="active"><a href="/">Home</a>
                    </li>
                    <li role="presentation"><a href="/logout" class="btn btn-link pull-right">Sign Out</a>
                    </li>
                </ul>
            </nav>
            <h3 class="text-muted">Factory Login</h3>
        </div>

        <!-- Categories: success (green), info (blue), warning (yellow), danger (red) -->

        <div class="jumbotron">
            <p class="lead"></p>
            <div class="login-form">
                <form role="form" action="/login" method="post">
                    <div class="form-group">
                        <input type="text" name="user" id="email" class="form-control input-lg" placeholder="Username">
                    </div>
                    <div class="form-group">
                        <input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password">
                    </div>
            </div>
            <div class="row">
                <div class="col-xs-12 col-sm-12 col-md-12">
                    <input type="submit" class="btn btn-lg btn-success btn-block" value="Sign In">
                </div>
            </div>
                </form>
        </div>
        <footer class="footer">
            <p>© PicoCTF 2019</p>
        </footer>
    </div>
    <script>
        $(document).ready(function(){
            $(".close").click(function(){
                $("myAlert").alert("close");
            });
        });
    </script>
</body>
</html>
```

How does the site know whether the logged-in account is an Admin?
That's right! It's the cookie.
Right-click -> Inspect (the usual F12).

### Application -> Cookies -> the current site

Look closely: can you see the username and password I just typed?
Yes, they are right there.

### Look, Admin is set to false

Right-click it and choose **Edit "Value"**,
change it to **True**, then reload the page.

### And the flag appears!!!

Flag: picoCTF{th3_c0nsp1r4cy_l1v3s_d1c24fef}

Happy to have solved another one.
We cleared the 100-point challenge :)
See you tomorrow!
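
Why editing the cookie works, and what the server should do instead, as an added example (not the challenge's code and not part of the original write-up). The cookie name `admin` comes from the DevTools view above; `SECRET_KEY`, the `session` cookie layout and all function names are assumptions.

```python
import hashlib
import hmac

# Assumption: a server-side secret that is never sent to the browser.
SECRET_KEY = b"constructed-demo-key"


def is_admin_vulnerable(cookies: dict) -> bool:
    """The flaw: the authorization decision is read from a cookie the user can edit."""
    return cookies.get("admin") == "True"


def _tag(payload: str) -> str:
    """HMAC-SHA256 over the payload, hex encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(username: str, admin: bool) -> str:
    """Hardened form: the server signs the claims, so the browser can store but not change them."""
    if "|" in username:
        raise ValueError("'|' is reserved as the field separator")
    payload = f"{username}|{int(admin)}"
    return f"{payload}|{_tag(payload)}"


def is_admin_hardened(cookies: dict) -> bool:
    """Honour the admin claim only when the HMAC over the payload verifies."""
    payload, sep, tag = cookies.get("session", "").rpartition("|")
    if not sep:
        return False  # missing or malformed session cookie
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return False  # payload was altered after the server signed it
    return payload.endswith("|1")


if __name__ == "__main__":
    # Constructed cookies: what the browser sends after the DevTools edit.
    print(is_admin_vulnerable({"username": "kaka", "admin": "True"}))
    session = issue_session("kaka", admin=False)
    forged = session.replace("|0|", "|1|")  # same edit, applied to the signed value
    print(is_admin_hardened({"session": forged, "admin": "True"}))
```
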