Postbook

Flag 0

• Hint -> don’t use common user / password combo’s
• sign’d in as user / password as both the user and password
• Flag 0 found

Flag 1

• as use view the post
• index.php?page=view.php&id=1
• copy that and change the id to 2
• flag 1 found

Flag 2

• Create a new post use burp suite from here
• and use intercept it before creating a post, check and modify the user_id value=”2″ to value =”1″  release the intercept and the webform posts as admin.
• Flag 2 found

Flag 3

• The hint gives a number to multiply with 189 * 5 that = 945
• lets review 945
• index.php?page=view.php&id=945
• Flag 3 found

Flag 4

• Use burp’s intercept again,
• edit the post and hit save besure to have  intercept on so you can change id=3 to id=1 hit
• flag 4 found

Flag 5

• burp intercept this time we are modifying cookies, you would need to md5 to find out value 1 is. You will need to logout and relogin as user and intercept that login so you can also snag that cookie.
• Take the current cookie from burp and it should be cookie id and resolve to number 2 as the md5 value.
• when you get the md5 value for 1, paste it in the interception area for burp and release to change the cookie id value.
• Flag 5 was found as you have went from user to admin.

Flag 6

• Now lets intercept when you attempt to delete a post
• again it uses md5 values when deleting posts, so change the value to 1’s md5 value.
• Flag 6 found, When you release it should drop another flag when you visit the post