Hack The Box | Web |Grammar

Al Francis
3 min readJun 29, 2019

On this blog post, I will explain how I solved the challenge from hackthebox under web category which is called “Grammar”.

Grammar Challenge

By running the instance, I started to explore the web challenge by opening the link given. A forbidden error prompt after loading the given url.

Forbidden Error

After that, I opened burpsuite to intercept the request and check for possible headers.


Then, I sent the request to the repeater and checked if there are any changes from the response.

Checking for possible Cookies and Additional Headers

The result came with the same error, there’s no additional cookies and headers. So, I decided to change the path by adding “index.php” , “home.php” and “login.php” but nothings happen.

change path to /login.php

In web development http method is important, like GET, POST, PUT, and DELETE request. In penetration testing, changing http methods is one of a good idea to check the response. So I tried changing the GET to POST request and voila! I get other response and it seems a login page.

change http method from GET to POST

Then I checked it and send it to the browser.

Send to Browser

No flags, but I noticed a Cookie, I sent it to decoder and select decode by base64, the value of decoded based64 is User with the value of whocares, Admin which is False and Mac.

Burpsuite decoder

I changed the the Admin value into True, and encoded to base64. After that, I added a cookies and place the new encoded base64, which resulted to a different response but no Flags.

I tried to changed the value of MAC into 0 and added a “}” into the last line. Then encode it again to base64.

Admin value to True

I replaced the cookie and send the request which finally shows the Flag.




Al Francis

Co-Founder of Kalasag and Project Access Granted Society. A Certified Ethical Hacker,EC-Council Certified Incident Handler and Certified Blockchain Developer.