Did anybody pass this assessment? I need a hint. I think that the 1st step should be to exploit type juggling with password of Larry. I’ve tried different ways to calculate magic hash (using salt), but all my vocabularies dont provide it to me.
@mlwrwrk I have completed the exercise. You are on the right track trying to exploit the type juggling. The fact that the salt is fixed is an advantage for you as an attacker because you can try to get a suitable hash to do an Authentication Bypass of one of the provided database users. Have you tried to create different combinations with a python script for example?