HackTheBox Web Grammar Challenge

Challenge By : forGP

Challenge Description :  When we access this page we get a Forbidden error. However we believe that something strange lies behind... Can you find a way in and retrieve the flag?

Points : 70

Author : Rehman S. Beg (HTB Profile : MrReh )


Let's start the instance and open the page. The page returns a 403 Forbidden error.

Intercept the request. Sending a POST request to index.php returns a 200.

Now we can see a cookie. Let's send it to the decoder and decode it.

Decode it as URL, then as Base64, and we see {"User":"whocares","Admin":"False","MAC":"ff6d0a568d61e5a03bcdb04509d5885d"}. Admin is False. Let's change it to True and the MAC value to 0, then encode it as Base64.

Now we need to add our cookie to the POST request and send the request again.

FLAG : “HTB{TypejugAlingSOulS}”
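
As the flag name hints, the edited cookie passes because of PHP type juggling in the MAC check. The sketch below is an added example, not the challenge's code (which this writeup does not show): it puts a loose `==` MAC comparison beside a hardened one for the cookie layout above. SECRET, the HMAC construction, the function names and sending the MAC as a JSON number are assumptions.

```php
<?php
// Added illustration, not the challenge's code. SECRET and the HMAC
// construction are assumptions; the cookie layout follows the writeup.
const SECRET = 'constructed-demo-secret';

function mac_for(string $user, string $admin): string {
    return hash_hmac('sha256', $user . '|' . $admin, SECRET);
}

function encode_cookie(array $fields): string {
    return rawurlencode(base64_encode(json_encode($fields)));
}

function decode_cookie(string $raw): ?array {
    $json = base64_decode(rawurldecode($raw), true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Weak: "==" juggles types. Before PHP 8 an int compared with a non-numeric
// string turned the string into a number, so a MAC starting with a letter equalled 0.
function verify_loose(array $c): bool {
    return $c['MAC'] == mac_for((string) $c['User'], (string) $c['Admin']);
}

// Hardened: every field must be a string, and the MAC is compared with
// hash_equals(), which is type-strict and constant-time.
function verify_strict(array $c): bool {
    foreach (['User', 'Admin', 'MAC'] as $key) {
        if (!isset($c[$key]) || !is_string($c[$key])) {
            return false;
        }
    }
    return hash_equals(mac_for($c['User'], $c['Admin']), $c['MAC']);
}

// Constructed inputs: a cookie as issued, and one edited as in the steps above
// (assumption: the MAC is sent as the JSON number 0).
$issued = ['User' => 'whocares', 'Admin' => 'False'];
$issued['MAC'] = mac_for($issued['User'], $issued['Admin']);
$edited = ['User' => 'whocares', 'Admin' => 'True', 'MAC' => 0];

foreach (['issued' => $issued, 'edited' => $edited] as $name => $fields) {
    $cookie = decode_cookie(encode_cookie($fields));
    // The loose result for "edited" varies with PHP version and the MAC's
    // leading characters; verify_strict() never accepts a non-string MAC.
    printf("%-6s loose=%s strict=%s\n", $name,
        var_export(verify_loose($cookie), true),
        var_export(verify_strict($cookie), true));
}
```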

