We meet again..
Welcome to the second level.. 1337 browser
Universal Hint: Look at the level's Head-line!!
Let's look at our challenge.. We need to fill 3 text inputs in order to enter the download page.
but we are not really users and this is not a real download link source, So let's press on the
'Download Now!' button.. we can see that a page that opened is "/download.php" and a text
We will go back and now try the 2nd button below that says "upgrade for free".
After pressing it we discover 2 very important things:
1: The text - "Err: Only 1337Browser_V3.1 users can see this page."
2: The page's file pwd.php //pwd-->passwd--->password.. get it!
So we can understand from those two things that we need to access some how throught this page and get
the password! In order to do that we need to login as users of the followed browser..
But how can we make the server think that we have the 1337 browser when we have IExplorer/Mozilla
or one of the regulars...
well this a job forrrrrr....... Google!!
Go and read about how to fake the browser's signture on the GET/POST request from the local server
and spoof it to what ever you need.
[Big Hint: try to look for user-agent spoofing]
hmm... thnks
ReplyDelete