SecBlog

A Simple b(log) of interesting things

Natas Level 5

To solve this level, we need to analyze the HTTP response.

Quest

We are presented with a webpage showing a simple message, “Access disallowed. You are not logged in”, as shown below.

Level 5 Image


Solution

Below are the request and response in Burp. Notice the header in the response: Set-Cookie: loggedin=0.
The Set-Cookie header tells the browser to store a cookie, which the browser then sends back in the Cookie header of subsequent requests.

Level 5 Solution



If we change its value to loggedin=1, which would indicate that we have already logged in successfully, we might get in.

Level 5.1 Solution

And indeed, as we can see above, this worked, and we have the password for the next level.
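
The server-side pattern behind this level, next to one way to harden it, as an added example that is not part of the original post or of the Natas code. The function names, the `session` cookie name and the user names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed server-side secret; a real deployment loads it from
# configuration and never sends it to the client.
SERVER_KEY = secrets.token_bytes(32)


def parse_cookies(cookie_header: str) -> dict:
    """Parse a Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_logged_in_naive(cookie_header: str) -> bool:
    """Flawed pattern: the login state is a flag the client controls."""
    return parse_cookies(cookie_header).get("loggedin") == "1"


def issue_session(user: str) -> str:
    """Return 'user.tag' where tag = HMAC-SHA256(SERVER_KEY, user)."""
    tag = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def verify_session(cookie_header: str):
    """Return the user name if the session cookie's tag verifies, else None."""
    value = parse_cookies(cookie_header).get("session", "")
    user, sep, tag = value.rpartition(".")
    if not sep or not user:
        return None
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return user if hmac.compare_digest(tag.encode(), expected.encode()) else None


if __name__ == "__main__":
    print(is_logged_in_naive("loggedin=1"))              # edited flag is accepted
    good = issue_session("alice")                        # constructed user name
    print(verify_session(f"session={good}"))             # tag verifies
    print(verify_session("session=admin." + "0" * 64))   # forged tag is rejected
```

The tag binds only the user name; a production session would also carry an expiry or be backed by a server-side session store.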

