Did anybody pass this assessment? I need a hint. I think that the 1st step should be to exploit type juggling with the password of Larry. I've tried different ways to calculate a magic hash (using the salt), but all my vocabularies don't provide it to me.
@mlwrwrk I have completed the exercise. You are on the right track trying to exploit the type juggling. The fact that the salt is fixed is an advantage for you as an attacker because you can try to get a suitable hash to do an Authentication Bypass of one of the provided database users. Have you tried to create different combinations with a Python script for example?
Yes, I've solved it. Thanks
Hi, I can log in with a user with role = 1, but I am stuck. I suppose the next step is to abuse a race condition, but nothing is working. Could you please give me a hint? Thanks a lot
Any hint after taking the 1st role as user?
Yes, please.
Hi guys, could any of you please help me? Thanks a lot
Hi @Gekker4tress. Look at the code in the admin.php file:
// only admins are authorized
if ($user_data['role'] != 0) {
    header('Location: profile.php');
    exit;
}
What values could role have so that the if condition would not be met?
Abuse type juggling together with a race condition.
Hint: Look at the delete_user function in the config.php file.
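Added example, not part of the thread or of the exercise's code: the loose != role check quoted above next to a strict, fail-closed version, run over constructed sample rows so the difference is visible per value. The helper names denied_loose and denied_strict and every sample value are assumptions made for illustration.

```php
<?php
// Keep the comparison table readable. Offset-on-null warnings are hidden
// here, but in production they are a signal worth logging.
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE);

// Loose check as quoted from admin.php: true means "redirect to profile.php".
function denied_loose($user_data): bool {
    return $user_data['role'] != 0;
}

// Hardened check (hypothetical helper): fail closed unless a row exists
// and its role is exactly 0, as an integer or as the string a DB driver returns.
function denied_strict($user_data): bool {
    if (!is_array($user_data) || !array_key_exists('role', $user_data)) {
        return true;                       // no row, or no role column: deny
    }
    $role = $user_data['role'];
    return !($role === 0 || $role === '0');
}

// Constructed sample rows, not data from the exercise.
$cases = [
    'admin row'        => ['role' => 0],
    'normal user row'  => ['role' => 1],
    'role as string'   => ['role' => '1'],
    'role is NULL'     => ['role' => null],
    // Non-numeric strings compare equal to 0 before PHP 8, not from PHP 8 on.
    'non-numeric role' => ['role' => 'guest'],
    'no row (null)'    => null,
    'no row (false)'   => false,
];

printf("PHP %s\n", PHP_VERSION);
foreach ($cases as $label => $row) {
    printf(
        "%-17s loose=%-8s strict=%s\n",
        $label,
        denied_loose($row) ? 'denied' : 'ALLOWED',
        denied_strict($row) ? 'denied' : 'ALLOWED'
    );
}
```

Any row where the loose column differs from the strict column is a value the strict comparison rejects and the loose one lets through.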