COMRADE III

Challenge Information

  • Category: Web Security

  • Level: easy

  • Points: 50

Description

Hey Comrade, World War III will begin soon, we need to reveal what was hidden.

Solution

After accessing the lab, we review the page source code.

We find nothing there, so I'll use the dirb tool.

Good findings: we now know there is a .git endpoint, so I'll use the Dumper from GitTools.

Now use this command to see the status of the dumped folder --> git status

Use this command to restore any file --> git restore <name of file>. I already restored all of them and found something useful in api.php.

Okay, if we bypass this condition we get the flag, so I will explain how to bypass it. The condition reads a cookie called api_key and checks whether it's true or false. After searching, I found the value of api_key in a file called contact_process.php.

bin2hex!! Let's convert this string to hex using this site.

Okay, we got the value (first remove the spaces). Go to the lab, create a cookie called api_key, set its value to 746869735f69735f746f705f736563726574 and reload the page to see the flag.
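
As a defender-side follow-up, here is an added example (not part of the original write-up or the challenge's code): a Python pre-deployment check that flags the two weaknesses this solution relied on, a .git directory inside the web root and a string literal passed to bin2hex() in PHP source. The function names, the regex and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Matches bin2hex('literal') or bin2hex("literal") in PHP source.
BIN2HEX_LITERAL = re.compile(r"""bin2hex\(\s*(['"])(.*?)\1\s*\)""")

def audit_webroot(root):
    """Return (vcs_dirs, hardcoded) for a directory that will be served over HTTP."""
    vcs_dirs, hardcoded = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".git" in dirnames:
            vcs_dirs.append(os.path.relpath(os.path.join(dirpath, ".git"), root))
            dirnames.remove(".git")  # report it, but do not descend into it
        for name in filenames:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in BIN2HEX_LITERAL.finditer(line):
                        # Hex form of the literal, i.e. what bin2hex() would return.
                        hexval = m.group(2).encode().hex()
                        hardcoded.append((os.path.relpath(path, root), lineno, hexval))
    return sorted(vcs_dirs), sorted(hardcoded)

def build_sample(root):
    """Constructed sample tree; file contents are placeholders, not the challenge's code."""
    os.makedirs(os.path.join(root, ".git", "objects"))
    with open(os.path.join(root, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/master\n")
    with open(os.path.join(root, "contact_process.php"), "w") as fh:
        fh.write("<?php\n$api_key = bin2hex('example_placeholder');\n")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        vcs, secrets = audit_webroot(root)
        for d in vcs:
            print(f"[!] version-control metadata inside web root: {d}")
        for path, lineno, hexval in secrets:
            print(f"[!] {path}:{lineno} hard-coded literal, hex form: {hexval}")
```

Either finding alone should block a deploy: keep the repository outside the served directory (or deny requests to .git at the web server) and load the key from configuration that is never committed.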
