Hack This Site: Basic Web Challenges – Level 10

Hack This Site: Basic Web Challenges – Level 10

Oh dear, we are hacking again. Today, we’re looking at Hack This Site Basic Web Challenges level 10. This challenge requires us to manipulate cookies in order to authenticate against the application. A cookie is a small file that contains data, the data is utilized by the applications to make decisions. For example, if you add an item to your shopping basket then the website could issue a cookie that contains that information. That way, when you revisit the application, the item is still in your basket. If you haven’t seen my previous posts in this series then you can do so here: Part 1Part 2Part 3Part 4Part 5Part 6Part 7, Part 8, and Part 9.

Hack This Site: Basic Web Challenges – Level 10
Hack This Site: Basic Web Challenges – Level 10

Testing The Web Application

After logging in to the application, you will be presented with the following page. There aren’t any hints this time, this time it’s just a password submission form. The image for the challenge mentions having to know your way around Javascript. I’ve looked at the source and didn’t find anything interesting.

Web Application Password Submission System
Web Application Password Submission System

I then fed the application some test data to see how it would respond. I tested a number of characters associated with various types of attacks but they were all sanitized. Submitting generic strings to the password input box results in an authorization error.

Not Authorised Error
Not Authorised Error

Exploiting The Web Application

In order to investigate the application further, I used Burp Suite to intercept the request. The image below shows that the request is setting a cookie called “level10_authorized”. The cookie is set to no, but it can be manipulated through Burp Suite.

Web Application Request Intercepted
Web Application Request Intercepted

Burp Suite allows you to intercept the request and modify it before forwarding the data to the application. As we have captured the request, let’s change the value of the “level10_authorized” cookie from no to yes and forward the request. You will also need to forward any subsequent requests too.

Web Application Intercepted Cookie Manipulation
Web Application Intercepted Cookie Manipulation

Completing The Challenge

After changing the value to yes and forwarding the requests, you should have completed the challenge. This was a fun challenge that shows the importance of properly implementing cookies. Using yes/no cookies for authentication is not a good method for authenticating users. Cookies are used for user sessions to keep users logged in. However, those cookies are set after the user has successfully authenticated with a password.

Congratulations
Congratulations