
Odd trouble with realistic 1


PlusNine

Hello HBH! I think I've run into my first real conundrum with the first realistic challenge. After acquiring the .txt files for the johndoe login, and attempting to log in with the "special cookie" as the same cookie in the text file (they matched already) still results in "Your user and pass didn't match our records". I feel like this should work, yet it does not. Am I missing something here?

Edit 1: For clarification, I seem to be having an issue with the password. It seems encoded but my attempts at decoding so far have just resulted in more confusion. Why is this stored in plaintext and yet doesn't work the way it's presented?


Huitzilopochtli

Am I missing something here? Yes. There is something else in that text file along with the usernames and passwords, that you haven't mentioned anywhere in your post. You need that.


PlusNine

Huitzilopochtli wrote: "Am I missing something here? Yes. There is something else in that text file along with the usernames and passwords, that you haven't mentioned anywhere in your post. You need that."

I think I communicated my problem incorrectly. This "something else" is in the same text file, correct? It seems to be referred to as a different name within the login page itself, and after attempting to change the name of this "ID" and making sure it matched with what was in the text file for the base user (again I'm confused by that as well, why was this "ID" already set seemingly correctly when I hadn't done anything to it yet?) I still have not made any progress.


Huitzilopochtli

This challenge is more about privilege escalation than anything to do with the usernames and passwords. You just need to change one thing in order to achieve that, and the clue's in the name, it's already been "set" as an extra hint.


Exc3ll0

There is one thing that did mislead me on this challenge and I'm having a feeling it's misleading you too, the password you're seeing on the text file isn't encoded at all, it's right there in plain text ;) After that, well, you have to grab the one thing you haven't mentioned in your post and change it to something that would give you higher access privileges.