CTF#2 Level 11

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex11.php

Description: We do not want you around… You have been blacklisted.
It seems you have been blacklisted. Knowing what websites typically use to identify their users – try to get rid of that ban.

Vulnerability: Bypassing Blacklists


I don’t know what this is, but it seems we have to play with the HTTP headers, so let’s check it: fire up Burp Suite, intercept the request in the proxy, then send it to Repeater.

Here is what the request headers contain:

GET /ctf2/exercises/ex11.php HTTP/1.1
Host: ctf.infosecinstitute.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: _ga=GA1.2.2097500748.1426146732; visitor_id12882=197992830; __distillery=v20150227_3d92622f-8940-44b8-8c2e-fbfba9e66052; __utma=192755314.2097500748.1426146732.1427136730.1427302672.2; __utmz=192755314.1427136730.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=9okprgbh057f1bg5jqjal83sq3; welcome=no
Connection: keep-alive

You can see that in the Cookie line, after PHPSESSID, there is a welcome parameter that is set to no. Change it to yes, click the Go button, and voilà, the blacklist is bypassed.

OK, let’s tamper with it through the web browser.

Pass to level 12.
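Why the edit works, and one way a server can stop trusting the flag, as an added example that is not the exercise's own code: the naive check reads `welcome` straight from the cookie, while the hardened check only accepts a value carrying an HMAC bound to the session ID. The secret key, function names and session ID are assumptions constructed for this sketch.

```python
import hashlib
import hmac

# Assumption: a server-side secret that never leaves the server (constructed value).
SECRET_KEY = b"constructed-demo-key-not-from-the-page"

def parse_cookies(header):
    """Split a Cookie header value into a name -> value dict."""
    pairs = (p.strip().partition("=") for p in header.split(";") if "=" in p)
    return {name: value for name, _, value in pairs}

def naive_is_allowed(cookie_header):
    """Behaviour the write-up describes: the ban flag is read from the client."""
    return parse_cookies(cookie_header).get("welcome") == "yes"

def _tag(session_id, value):
    """HMAC-SHA256 over session ID and flag, so neither can be swapped."""
    msg = f"{session_id}|{value}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def issue_welcome(session_id, value):
    """Cookie value the server would set: the flag plus its tag."""
    return f"{value}.{_tag(session_id, value)}"

def check_welcome(cookie_header):
    """Return 'allowed', 'banned' or 'tampered' (missing or modified flag)."""
    cookies = parse_cookies(cookie_header)
    session_id = cookies.get("PHPSESSID", "")
    value, _, tag = cookies.get("welcome", "").partition(".")
    expected = _tag(session_id, value)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "tampered"  # worth logging: the client edited or dropped the flag
    return "allowed" if value == "yes" else "banned"

if __name__ == "__main__":
    sid = "constructed-session-1"  # constructed sample session ID
    banned = f"PHPSESSID={sid}; welcome={issue_welcome(sid, 'no')}"
    edited = banned.replace("welcome=no.", "welcome=yes.")
    print("naive check, edited cookie:", naive_is_allowed(f"PHPSESSID={sid}; welcome=yes"))
    print("signed check, original:", check_welcome(banned))
    print("signed check, edited:", check_welcome(edited))
```

Keeping the ban state entirely server-side, keyed by something the client cannot choose, removes the need for the cookie flag altogether.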

Resources and Tools:
1. Burp Suite
2. Tamper Data Firefox Add-on – https://addons.mozilla.org/en-us/firefox/addon/tamper-data/