Fundamentals

Hack into a website

Easy
1 h 0 min

Mission

Customer Security Ltd has hired you to test the security of their internal management system. Your task is to find vulnerabilities in the application and break into the system.

The client has also agreed to share part of the system's source code with you, but not all of it.

#!/usr/bin/python3

# Library for database management
from modules import database

# Flask web page libraries
from flask import Flask, render_template, redirect, request
from flask import make_response

app = Flask(__name__)
search = database.Search()

@app.route("/")
def root():
  # Read the session identifier from the cookie
  identifier = request.cookies.get('identifier')
  # If the identifier is correct, the user is logged in
  if identifier == "ADMIN1":
    # Fetch the data for the management view
    data = search.searchData()
    return render_template("management.html", data=data)
  # Otherwise, redirect to the login page
  else:
    return redirect("/login")

@app.route("/login", methods=["GET","POST"])
def login():
  if request.method == "GET":
    failed = request.args.get("warning")
    return render_template("login.html", failed=failed)
  elif request.method == "POST":
    # Check that the credentials are correct
    user = request.form.get("user")
    password = request.form.get("password")
    correct = search.verifyID(user, password)
    if correct:
      # Set the session identifier cookie
      response = make_response(render_template("blank.html"))
      response.set_cookie("identifier", "ADMIN1")
      return response
    else:
      return redirect("/login?warning=yes")


if __name__ == '__main__':
  app.run(debug=False, host='0.0.0.0')
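The source above reveals the whole authentication scheme: a successful login sets the cookie identifier to the fixed string ADMIN1, and the root route trusts any request that carries that value. Nothing ties the cookie to a login, a user or a time, so anyone who has read the source (or guesses the value) can skip verifyID() entirely. The following added example, which is not part of the lab's code, reproduces that check with the standard library only, builds the forged request an attacker would send, and places a hardened alternative next to it: a random server-side session id, HMAC-signed so that a tampered cookie is rejected before any lookup. The base URL passed to forge_request() and the helper names issue_session, hardened_is_admin and revoke_session are this example's own assumptions.

```python
"""Static-cookie authentication: forging the lab's check, and a hardened form.

Added example, not part of the lab's own source. vulnerable_is_admin()
mirrors the page's `identifier == "ADMIN1"` comparison; the hardened
helpers and the forged request are this example's own constructions.
"""
import hashlib
import hmac
import secrets
import time
import urllib.request

# --- What the page's code does: a fixed token is the whole credential. ---

def vulnerable_is_admin(cookies):
    """Same check as the lab's root(): anyone who knows or guesses the
    constant is logged in, no credentials required."""
    return cookies.get("identifier") == "ADMIN1"

# Constructed attacker cookie jar: the value comes straight from the leaked source.
FORGED_COOKIES = {"identifier": "ADMIN1"}

def forge_request(base_url):
    """Build the request an attacker would send to the lab's '/' route.
    base_url is an assumption; urllib.request.urlopen(req) would send it."""
    return urllib.request.Request(base_url + "/",
                                  headers={"Cookie": "identifier=ADMIN1"})

# --- Hardened form: random server-side session, HMAC-signed cookie. ---

SECRET_KEY = secrets.token_bytes(32)   # per-deployment secret, never in source
SESSION_TTL = 3600                     # seconds a session stays valid
SESSIONS = {}                          # sid -> {"user": ..., "expires": ...}

def _sign(sid):
    return hmac.new(SECRET_KEY, sid.encode(), hashlib.sha256).hexdigest()

def issue_session(user):
    """Called only after verifyID() succeeds: mint an unguessable session id,
    remember it server-side, and return the signed cookie value."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "expires": time.time() + SESSION_TTL}
    return f"{sid}.{_sign(sid)}"

def hardened_is_admin(cookies):
    """Reject anything not minted by issue_session(): malformed token, bad
    signature, unknown id, expired session or non-admin user all fail closed."""
    token = cookies.get("identifier", "")
    sid, sep, sig = token.rpartition(".")
    if not sep or not sid:
        return False
    if not hmac.compare_digest(sig, _sign(sid)):   # constant-time compare
        return False
    sess = SESSIONS.get(sid)
    if sess is None or sess["expires"] < time.time():
        SESSIONS.pop(sid, None)
        return False
    return sess["user"] == "admin"

def revoke_session(token):
    """Server-side logout: the cookie alone is worthless once the id is gone."""
    SESSIONS.pop(token.rpartition(".")[0], None)

if __name__ == "__main__":
    print("forged cookie accepted by vulnerable check:", vulnerable_is_admin(FORGED_COOKIES))
    print("forged cookie accepted by hardened check:  ", hardened_is_admin(FORGED_COOKIES))
    print("minted admin session accepted:             ",
          hardened_is_admin({"identifier": issue_session("admin")}))
```

In a real Flask application the same effect comes from its signed session object with a strong SECRET_KEY instead of a hand-written set_cookie, and the cookie should be sent with the HttpOnly, Secure and SameSite attributes; the point the example makes is that the server must be able to distinguish a cookie it issued from one the client typed in, which the lab's constant value cannot.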

If the task feels too difficult to solve, we recommend first working through the Python programming and Web development basics courses.

Exercises

Flag

Find the flag in the lab environment and submit it as your answer.
