Baby Auth: A Simplified Exploration of Session Integrity
Introduction:
In the world of cybersecurity, one often has to challenge the status quo. As the saying goes, "Who needs session integrity these days?" That's precisely the question we sought to answer with our recent delve into a web-based challenge appropriately named "Baby Auth."
Machine name: baby auth
Difficulty: Easy
Category: Web
Description: Who needs session integrity these days?
Starting Off:
Once we had the Baby Auth machine up and running, our initial interaction involved attempting a straightforward login with the classic 'admin' as both the username and password on the provided login screen. To our disappointment (but not our surprise), we were met with an error, "Invalid username or password."
Exploring Further:
Undeterred, we decided to test the waters and attempted to register with the same 'admin' credentials. However, the system flagged the username as already in use.
We subsequently registered with a unique username 'r4j3sh' and a simple password '1234.' Upon successful registration, we were redirected to the login page and were able to log in with our newly registered credentials, only to be greeted with a slightly disheartening message, "You are not an admin."
Examining the Cookies:
Our curiosity piqued, we decided to check the network tools and discovered that the site was using cookies.
We decided to inspect the cookie using CyberChef, a versatile analysis tool, and found that it was simply a Base64 encoded value of our username 'r4j3sh.'
Manipulating the Cookie:
With this newfound knowledge, we decided to experiment. We encoded the {āusernameā:āadminā} into Base64 and replaced the value of the original cookie.
To achieve this, we used Burp Suite, a popular web security tool, to intercept the request and modify the cookie value.
The Eureka Moment:
Upon modifying the cookie value and replaying the request, we were thrilled to see the flag pop up on our screen! We had successfully bypassed the session management and fooled the system into thinking we were an admin.
Conclusion:
The Baby Auth challenge reaffirms the crucial role of proper session management and integrity in web security. A simple cookie manipulation could provide an attacker with unauthorized access, highlighting the need for robust session handling mechanisms. It serves as an important reminder for developers to ensure secure coding practices, including the secure handling of sessions and cookies.