A9:2021 | Logging Security (4) | Cycubix Docs
Some servers provide Administrator credentials at the boot-up of the server.
The goal of this challenge is to find the secret in the application log of the WebGoat server and use it to log in as the Admin user.
Note that we tried to "protect" it. Can you decode it?
Solution
Click Submit and open the developer tools. You will be able to identify the POST request under the session "log-bleeding".
Now open the terminal of the Docker container where you started your WebGoat session and look for the password for admin.
Go to the Burp or ZAP decoder and decode the key from Base64.
In the lesson, enter the decoded key as the password and Admin as the user (the response is case sensitive).
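The lesson's point is that Base64 is an encoding, not protection, so a log review should treat an encoded credential the same as a plaintext one. The following check is an added example, not part of WebGoat or the Cycubix walkthrough: it flags Base64 tokens that decode to readable text on credential-related log lines. The function names, keyword list and sample log lines are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Keywords that mark a log line as credential-related (assumed list, extend as needed).
CRED_WORDS = re.compile(r"password|passwd|secret|credential", re.I)
# A standalone run of Base64 alphabet characters, 8 or more long, with optional padding.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{8,}={0,2}(?![A-Za-z0-9+/=])")


def decode_if_text(token):
    """Return the decoded string if token is valid Base64 of printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def find_encoded_secrets(lines):
    """Return (line_number, token, decoded) for Base64 text on credential-related lines."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if not CRED_WORDS.search(line):
            continue
        for token in B64_TOKEN.findall(line):
            decoded = decode_if_text(token)
            if decoded is not None:
                findings.append((number, token, decoded))
    return findings


# Constructed sample log (not real WebGoat output); the secret is a made-up value.
ENCODED_SAMPLE = base64.b64encode(b"example-secret-123").decode("ascii")
SAMPLE_LOG = [
    "2024-01-01 10:00:00 INFO  Starting application",
    f"2024-01-01 10:00:01 INFO  Password for admin: {ENCODED_SAMPLE}",
    "2024-01-01 10:00:02 INFO  Password policy loaded",
    "2024-01-01 10:00:03 INFO  Login failed for user guest",
]

if __name__ == "__main__":
    for number, token, decoded in find_encoded_secrets(SAMPLE_LOG):
        print(f"line {number}: {token!r} decodes to readable text ({len(decoded)} chars)")
```

Ordinary words such as "Password" also match the Base64 alphabet, which is why the check only reports tokens whose decoded bytes are all printable ASCII.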