Hmmm, what to do, what do….
Should we try http://natas5.natas.labs.overthewire.org/admin.php…nope!
How about http://natas5.natas.labs.overthewire.org/login.php…dangit bobbeh!!
Is there anything in the souce?
Doesn’t look like it to me.
OH I KNOW! Let’s check out the HTTP headers. There are a lot of ways we could do this, but the weapon of choice today will be Burp Suite. After she’s fired up we refresh the page and take a look at the raw request our browser is generating:
That “cookie” field looks kind of interesting, with the value loggedin=0. I wonder what would happen if we changed it to a “1” and fired the request off?