Привилегированный гость (Privileged Guest)

hackerlab

Task: Flask web app with terminal interface, user gets guest session, /get-flag requires admin. Solution: Bruteforce weak SECRET_KEY with flask-unsign, forge session cookie with _user_id=admin.

flask bruteforce authentication_bypass python cookie_manipulation werkzeug secret_key privilege_escalation session_cookie flask_unsign session_forgery

Flask session cookie decodingSECRET_KEY bruteforce with wordlistSession forgery for privilege escalation (guest → admin)Cookie manipulation

$ ls tags/ techniques/

flask bruteforce authentication_bypass python cookie_manipulation werkzeug secret_key privilege_escalation session_cookie flask_unsign session_forgery

Flask session cookie decodingSECRET_KEY bruteforce with wordlistSession forgery for privilege escalation (guest → admin)Cookie manipulation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Лысина админа (Admin's Bald Head)— duckerz
[web][Pro]Доступ запрещён (Access Denied)— hackerlab
[web][Pro]Bug Bounty-code— hackerlab
[web][Pro]Печеньки с молочком (Cookies with Milk)— duckerz
[web][Pro]Вокруг света— bug-makers