On this blog post, I will explain how I solved the challenge from hackthebox under web category which is called “Grammar”.
By running the instance, I started to explore the web challenge by opening the link given. A forbidden error prompt after loading the given url.
After that, I opened burpsuite to intercept the request and check for possible headers.
Then, I sent the request to the repeater and checked if there are any changes from the response.
The result came with the same error, there’s no additional cookies and headers. So, I decided to change the path by adding “index.php” , “home.php” and “login.php” but nothings happen.
In web development http method is important, like GET, POST, PUT, and DELETE request. In penetration testing, changing http methods is one of a good idea to check the response. So I tried changing the GET to POST request and voila! I get other response and it seems a login page.
Then I checked it and send it to the browser.
No flags, but I noticed a Cookie, I sent it to decoder and select decode by base64, the value of decoded based64 is User with the value of whocares, Admin which is False and Mac.
I changed the the Admin value into True, and encoded to base64. After that, I added a cookies and place the new encoded base64, which resulted to a different response but no Flags.
I tried to changed the value of MAC into 0 and added a “}” into the last line. Then encode it again to base64.
I replaced the cookie and send the request which finally shows the Flag.