The factory is hiding things from all of its users. Can you login as Joe and find what they've been looking at? https://jupiter.challenges.picoctf.org/problem/44573/ or http://jupiter.challenges.picoctf.org:44573
-
I opened the webpage and there is two input fields which takes username and password as login credentials.
-
I tried to login with
username=Joeand a random password and failed
-
Then I just tried again with some random username and password. It worked
username=kpabytandpassword=kpabyt
-
Then I thought there can be something in session storage or local storage or cookies because we have logged in and there must be some kind of auth key saved somewhere.
-
I looked around and found one cookie named admin which has False value
-
I modified the value of admin to True and reload the page and the flag is here..
