OVERTHEWIRE NATAS level 18-19 is based on session bypass. We have to login as admin without any credentials, in such cases we can look for the session value and try to change it because that’s the only way in after there is no credentials.
So let’s do this.
The code for the natas 18-19 level is this:
The code is pretty forward. It looks for the session value which corresponds to the admin account. Once we found the session, we would be logged in as admin. In the above code, there is one more thing to look at, the maxid value is 640. So, one of the account from 1 – 640 belongs to admin.
I used burpsuite’s intruder to bruteforce the request. The value we have to change here is marked in the below screenshot. PHPSESSID.
Below is the screenshot of the intruder when it found the SESSIONID for admin which is 138. You can see the username and password in the response tab!