August 14, 2019
Logging into natas5, once again, we are greeted with a message saying Access is disallowed from the user we are logged in (natas5).
This issue is a bit unusual. You would typically think why on earth I wouldn’t have access, if we just authenticated. If we intercept the request this time we can see that the Cookie says our loggedin is set to 0. By changing the value to 1 we can allow access with the user we are authenticated with.
Cookie header is a session cookie, with every request the browser sends back previously stored cookies in the cookie header.This cookie is deleted when the clients closes the tab/browser.
So because when we first authenticate ourselves to the web page, the browser immediately changes our loggedin session to 0 stating that were not logged in, which is why were receiving the “Access disallowed” message. By changing the loggedin session to 1 after our first authentication, we are given the Cookie header from the previous request.
Changing the loggedin header to 1, we are then given the password for the next level.