Re: Hidden Admin ¶
Por: shellterlabs em 3 de Outubro de 2017 às 11:11
The challenge should be working properly. With you still facing any kind of problem, send us an e-mail at: email@example.com
Por: vGribel em 27 de Novembro de 2017 às 19:06
Burp is working and I found and changed the cookie there, but when I click "Go" on Repeater Tab, the cookie returns to false.
What I'm doing wrong?
PS.: trying this on the initial page, didn't found admin page yet.
Por: Citizen21 em 1 de Dezembro de 2017 às 13:02
Hi everyone! I am not sure if the challenge is not working or I am missing something but when I used Burp to intercept the http frame, the cookies header didn't have any is_admin or admin parameters. There were 2 parameters only, one was the _GA and the other _GID and I don't think they should be used to solve this challenge. I didn't find any encrypted message in the http header. I hope someone of you can help me. Cheers.
Por: Narck em 15 de Dezembro de 2017 às 21:35
All you need to be in lesson two. Read the sixth paragraph again to the end, and I believe you will find the answer.
"Another thing you should always check is the robots.txt file." "Cookies are also worth looking at..."
Por: Panzki em 23 de Janeiro de 2018 às 22:33
Hey, everyone I just want to try out the first web challange. I found the hidden secret in the tutorial. When I start the challange enviorment and try to access the webserver the request always times out. Is the challage still working properly?
Por: FedeCuci em 27 de Fevereiro de 2018 às 11:09
Hey guys, I go to the page http://lab.shellterlabs.com:33476/admin-login/ but I see no login... I just see the same page. I am kind of confused because I am trying to use Burp to get the cookie, but I first need a place to login in order to succesfully get the cookie with Burp. Source: https://support.portswigger.net/customer/portal/articles/1964073-using-burp-to-hack-cookies-and-manipulate-sessions Am I doing something wrong?