OVERTHEWIRE NATAS level 19-20 is similar to 18-19 level. We have to manipulate session in order to login as admin. In the last level, we just have to change the PHPSESSIONID number in order to gain the access to the admin account. We have to do the same in this level too but here the PHPSESSIONID is encoded. Let’s dive in the level’s walkthrough!

The hint for this level is pretty forward.

The header for this level looks like this.

The highlighted text is the one that we are looking for. That’s the PHPSESSID that we have to manipulate. It is Hex Encoded!

If you decode this you will get this:
I have used Hackbar to hex decode this. The string here is 54-admin, where -admin stays as it is and the number 54 changes. So just like last level the max id goes from 1 – 640, we can perform a bruteforce of this in order to gain access to the admin.

To carry out this attack, I used burpsuite!
Send the request to the intruder and do the following options:

In the payload tab, set the options as below:

Start the attack!
Here is the screenshot for the request that got us the credentials for the next level!

There you go! password for the next level.

If you hex decode it, the text string is 89-admin. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.