A9:2021 | Logging Security (4) | Cycubix Docs
Let’s try
- Some servers provide Administrator credentials at the boot-up of the server.
- The goal of this challenge is to find the secret in the application log of the WebGoat server to login as the Admin user.
- Note that we tried to “protect” it. Can you decode it?

Solution
- Click on submit and open the developer tools. You will be able to identify the POST request under the session “log-bleeding”.
- Now open the terminal of the Docker container where you started your WebGoat session and look for the password for admin.

- Go to the Burp or ZAP decoder and decode the key as Base64.

- In the lesson, enter the decoded key as the password and Admin as the user (the response is case sensitive).
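
The lesson's point is that Base64 is an encoding, not protection, and the same observation can drive a log audit. The Python sketch below is an added example, not part of WebGoat or the original page; the log lines, the encoded value and the function names are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample log lines (not real WebGoat output); the encoded value is made up.
SAMPLE_LOG = """\
2024-01-01 10:00:00 INFO  Starting application
2024-01-01 10:00:01 INFO  Password for admin: ZXhhbXBsZS1zZWNyZXQtMTIz
2024-01-01 10:00:02 INFO  Started in 4.2 seconds
2024-01-01 10:00:03 INFO  Refresh token id 9f8e7d6c5b4a39281706 issued
"""

# Runs of Base64 alphabet characters long enough to hold a secret, with optional padding.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
# Only lines that talk about credentials are inspected, to keep false positives down.
CONTEXT = re.compile(r"passw(or)?d|secret|token|credential|key", re.IGNORECASE)

def decode_if_text(token):
    """Return the decoded string if token is valid Base64 of printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        # Not Base64, or the bytes are not ASCII (random ids and hashes end up here).
        return None
    return text if text.isprintable() else None

def find_encoded_secrets(log_text):
    """Return (line_number, token, decoded) for Base64 tokens on credential-related lines."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not CONTEXT.search(line):
            continue
        for match in B64_TOKEN.finditer(line):
            decoded = decode_if_text(match.group())
            if decoded is not None:
                findings.append((number, match.group(), decoded))
    return findings

if __name__ == "__main__":
    # Report the location only; the auditor should not copy the secret into its own output.
    for number, token, decoded in find_encoded_secrets(SAMPLE_LOG):
        print(f"line {number}: Base64 token decodes to readable text ({len(decoded)} chars)")
```

Any finding means a credential is recoverable by whoever can read the log, so the fix is to stop logging it rather than to change the encoding.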