Luqman Hakim

Writeup CTF ICS2C : web 1 – json statham

March 23, 2018
Writeup CTF ICS2C : web 1 – json statham

Writeup CTF ICS2C : web 1 – json statham – Diberikan sebuah web.

Agar bisa masuk ,pertama kami melakukan register.

web 1 - json statham 1

web 1 – json statham 1

Setelah kami analisa, kami curiga terhadap cookies

Kemudian kami decode dengan base64.

Agar bisa memiliki akses admin, kami memodifikasi cookie menjadi seperti ini

{“alg”:”None”,”typ”:”JWS”}
{“login”:”admin”,”iat”:”1519548841″}

Setelah di encode dengan base64

eyJhbGciOiJOb25lIiwidHlwIjoiSldTIn0.eyJsb2dpbiI6ImFkbWluIiwiaWF0IjoiMTUxOTU0ODg0MSJ9.

Kemudian kami set ke cookie di browser dengan bantuan Extension Cookie Manager

web 1 - json statham 2

web 1 – json statham 2

Refresh web nya, dan akan ketemu flag nya

crypto - classic 3

crypto – classic 3

FLAG: CTF{_js0n_w3b_T0ken_m4h_g4mp4ng}

175 Views
Share This
,
Previous article
Writeup CTF ICS2C : crypto – campur sari
Next article
Writeup CTF ICS2C : web 3 – simple
Luqman Hakim
Luqman Hakim

I am Luqman Hakim, founder of this blog. I am Software Engineer and IT Security Enthusiast from Indonesia. I spend most of my time in doing programming and playing CTF (Capture the Flag)

Related Posts
Leave a reply
Captcha Click on image to update the captcha .