
Cracking the “Admin has the Power” CTF Challenge
The “Admin has the Power” challenge presents a scenario where a seemingly innocuous comment line holds the key to unlocking administrative access. This blog post will take you on a journey through the steps involved in solving this CTF challenge, highlighting the importance of attention to detail and the power of browser developer tools.
When directed to the target page, the first step I take is to inspect the HTML using the ‘Inspect Element’ feature in my browser window. One particular element caught my attention:

This element is intriguing because it seems the creator has made a support account and left the credentials in a comment line, which is not a common practice but not unheard of either. The comment line at the bottom of the image reads, “TODO: Remove this line, for maintenance purpose use this info (user:support password:x34245323)”. At this point, I try these credentials before looking for other vulnerabilities like hidden fields, functions that produce cookies, testing for XSS, SQL injection, etc. Unsurprisingly, the login works, and I’m greeted with this screen:

Since there’s nothing useful in the rendered HTML, I go back to ‘Inspect Element’ to see if I can find anything interesting. I notice that, being logged in, I should have a cookie for the established session. When I check, this is what I find:

Here, we see that the server has given us two cookies: PHPSESSID and role. Since the role cookie is stored in clear text, our assigned role is plainly visible. Out of curiosity, I ask myself, “What if I manually change my role from support to admin?” This is as simple as editing the cookie on my browser’s side and resubmitting it to the server.

After a quick refresh of the page, I’m greeted with this next screen:

As we can see, the back-end server accepted our cookie change and granted us administrative access to the website, revealing the flag, ‘hiadminyouhavethepower’.
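The flaw here is that the server believed the role cookie exactly as the browser sent it. The Python sketch below is an added example, not the challenge's own code (which the page does not show): it puts that trusting check beside two server-side fixes and a tamper check suitable for logging. All function names, the in-memory session store and the signing key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SESSIONS = {}                  # hypothetical server-side store: session id -> attributes
KEY = secrets.token_bytes(32)  # constructed signing key; never sent to the client

def login(user, role):
    """Create a session; the authoritative role is recorded server-side."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "role": role}
    return sid

def role_trusting_cookie(cookies):
    """Behaviour described in the write-up: the role cookie is believed as sent."""
    return cookies.get("role", "guest")

def role_from_session(cookies):
    """Fix 1: look the role up by session id and ignore the client's role cookie."""
    session = SESSIONS.get(cookies.get("PHPSESSID", ""))
    return session["role"] if session else "guest"

def tampered(cookies):
    """Detection: True when a supplied role cookie disagrees with the session."""
    claimed = cookies.get("role")
    return claimed is not None and claimed != role_from_session(cookies)

def _mac(sid, role):
    # Binding the MAC to the session id stops a signed value being replayed elsewhere.
    return hmac.new(KEY, f"{sid}|{role}".encode(), hashlib.sha256).hexdigest()

def sign_role(sid, role):
    """Fix 2: if the role must live in a cookie, attach a MAC over it."""
    return f"{role}.{_mac(sid, role)}"

def verify_role(sid, cookie_value):
    """Return the role only if its MAC checks out, otherwise None."""
    role, _, mac = cookie_value.rpartition(".")
    ok = hmac.compare_digest(mac.encode(), _mac(sid, role).encode())
    return role if ok else None
```

A request for which `tampered()` returns True is worth logging with the session id and source address, since a normal browser never rewrites its own role cookie.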
This experience underscores the need for developers and security professionals to adopt a proactive approach to web application security, even in the context of CTF challenges. Regularly auditing code, implementing secure coding practices, and conducting comprehensive penetration testing are essential steps in mitigating vulnerabilities and protecting sensitive data.
Remember, even the smallest oversight can have far-reaching consequences in the realm of cybersecurity. Stay vigilant, keep learning, and never underestimate the potential impact of seemingly insignificant details. The “Admin has the Power” challenge serves as a valuable lesson in the importance of securing web applications and the potential risks associated with leaving sensitive information exposed.