Easy Message

Challenge Information

• Category: Web Security

• Level: easy

• Points: 50

description

I Have a Message for you.

Solution

after access the lab we open it browser , we found sign in page and we don't have any credentials to login so after search i found endpoit called /robots.txt

well, another endpoint let's open it

I'll explain the functionality of this block of code

$user = $_POST['user'];
$pass = $_POST['pass']; //create two post parameter called user and pass

include('db.php'); //contain file called db.php

if ($user == base64_decode('Q3liZXItVGFsZW50') && $pass == base64_decode('Q3liZXItVGFsZW50'))
    {
        success_login();
    }
    else {
        failed_login();
} // if the condition is true we are able to login and if false were not able to login 

well to make the condition true we must login with this credentials , first we'll decode it I'll use this website

decoder

now let's try to login with this credentials

user : Cyber-Talent
pass : Cyber-Talent

morse code

ohh, this like morse code I'll translate it with this site

flag