Dash for the Cash 🤑
- Cyber Catamounts
- Sep 11, 2020
- 1 min read
Briefing:
The hacker group is really on another level now... They have a company name, SCDP Associates, which is acting as their alias! We need you to infiltrate their vulnerable Employee Portal and find a way in so we can find out what they've been up to. Hurry! We think they've been stealing money from our club.
Note: this challenge is purely thinking skills based and no technical skills are required. Use your head, persist, and you'll get it!
Hint: What happens when you try to sign in? Does the url change? How could you take advantage of that? Remember: you can't change anything on the website, but you can change the url...
The first thing we realize is that there are virtually no ways to interact with the website except for pressing "Sign In" and entering text into the text box.
Remember, cybersecurity (thinking like a hacker) is all about finding loopholes and taking advantage of them.
When we submit the login information (random of course), we are taken to an error page. However, the most important part of this is looking at the url.
becomes
Well... what's the opposite of fail? SUCCESS! And that's exactly what we want.
Reasoning: If we change the url from failed.html to success.html, technically, it should redirect us to a page where we successfully login!
SUCCESS! We're in.
Obviously, websites that have common sense won't be this easy to hack. However, this is building on the skills required to do some "real hacking."
Flag: success_in_a_guess
Congrats to @Panther314 for snagging the flag and @Puneetha Mallarapu for missing it by two seconds :o
Commentaires