This lab stores user chat logs directly on the server’s file system, and retrieves them using static URLs.
Solve the lab by finding the password for the user
Lab link.carlos
, and logging into their account.
The live chat section draws attention and if we press the “View transcript” button after making a few conversations, the download will happen. We see our chat conversations in the file.
If we change the file name with a burpsuite proxy we can access another user’s conversations. For this, we turn on the intercept feature. To download again, we press “View transcript” and forward the requests until we get GET /download-transcript/3.txt.
In the forward process twice, we change the file to 1.txt and do forward operations. We download the 1.txt file.
When we examine the 1.txt file, we access the user password and we can log in to the carlos user and solve the slide.
Hello, I am Aleyna Doğan. I work as a Sr. Cyber Threat Intelligence Analyst. In my blog, we write blog posts that my friends and I want to share. Have a good read.