# A Step-by-Step Walkthrough Solution to InfoSec Institute CTF Level 5 (Practical Web Hacking)

The level can be accessed here.

The question says: "It seems you have encountered a page which requires users to login before viewing. Do some magic without having to log in."

The hint says you need to play with the headers, specifically HTTP_REFERER.

On analysing the source code, we see that the login button is disabled.

We remove the `disabled` attribute using the Inspect tool in Firefox and go to the login page, which is available at login.html. [location: http://ctf.infosecinstitute.com/ctf2/exercises/login.html ]


Now, for the final step, we need to change the default referrer to http://ctf.infosecinstitute.com/ctf2/exercises/login.html by using the replay button at the bottom of the dialog box.

So we make an HTTP GET request to the level 5 page with the referrer mentioned above:

    GET /ctf2/exercises/ex5.php HTTP/1.1
    Host: ctf.infosecinstitute.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://ctf.infosecinstitute.com/ctf2/exercises/login.html
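
Why a request like this gets through, and what the server should check instead, shown as an added example that is not the challenge's actual server code: `referer_gate` models a check that trusts the Referer header, while `session_gate` ties access to a signed, server-issued session. The function names, the in-memory session store and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed values for illustration; the page does not show the server code.
LOGIN_PAGE = "http://ctf.infosecinstitute.com/ctf2/exercises/login.html"
SERVER_KEY = secrets.token_bytes(32)   # never leaves the server
SESSIONS = {}                          # session id -> username (server-side state)


def referer_gate(headers):
    """Weak check: trusts a header that the client writes itself."""
    return headers.get("Referer") == LOGIN_PAGE


def _sign(session_id):
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def issue_session(username):
    """Called only after the credentials were verified server-side."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = username
    return f"{session_id}.{_sign(session_id)}"


def session_gate(headers, cookies):
    """Hardened check: ignores Referer, requires a valid server-issued session."""
    session_id, _, signature = cookies.get("session", "").partition(".")
    expected = _sign(session_id).encode()
    if not session_id or not hmac.compare_digest(signature.encode(), expected):
        return None
    return SESSIONS.get(session_id)


def demo():
    # Constructed request: no login happened, only the Referer header was set.
    forged = {"Host": "ctf.infosecinstitute.com", "Referer": LOGIN_PAGE}
    cookie = {"session": issue_session("alice")}   # constructed legitimate login
    return {
        "weak_accepts_forged": referer_gate(forged),
        "hardened_accepts_forged": session_gate(forged, {}) is not None,
        "hardened_accepts_login": session_gate({}, cookie),
        "hardened_accepts_tampered": session_gate({}, {"session": "x." + "0" * 64}),
    }


if __name__ == "__main__":
    print(demo())
```

The Referer header can still be logged as a signal for detection, but it should never decide whether a request is authenticated.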