aszx87410 / ctf-writeups

ctf writeups

TrollCAT CTF 2021 - review #13

Open aszx87410 opened 3 years ago

aszx87410 commented 3 years ago

e-Management System

unsolved, waiting for writeup.

Password Reset

It's a login page.

Screenshot 2021-02-07 12.09.04 PM

From robots.txt we can find the path /admin and user/password.

But /admin returns 404 not found. I was wondering whether it was intended or a mistake, so I asked the author, and it's intended to confuse people 😂

We can use user/password to log in, but after login it's just an HTML page with no functionality. After login it sets the cookie role=user. I changed it to role=admin but it still didn't work.

I was stuck there and that's all.

official writeup: https://hackwithproxy.medium.com/password-reset-writeup-http-parameter-pollution-trollcat-ctf-writeup-2c1c2335f379

K-pop

unsolved, waiting for writeup.

It's a normal login page.

Screenshot 2021-02-07 12.06.39 PM

From robots.txt we can find this image:

code

So I tried KADMIN:admin but it fails. I was thinking that the credential might change and the purpose of this image is to tell you it uses == instead of ===.

But I got stuck there and have no idea how to proceed.