Hello HBH! I think I've ran into my first real conundrum with the first realistic challenge. After acquiring the .txt files for the johndoe login, and attempting to login with the "special cookie" as the same cookie in the text file (they matched already) still results in "Your user and pass didn't match our records". I feel like this should work, yet it does not. Am I missing something here?
Edit 1: For clarification, I seem to be having an issue with the password. It seems encoded but my attempts at decoding so far have just resulted in more confusion. Why is this stored in plaintext and yet doesn't work the way it's presented?
There is something else in that text file along with the usernames and passwords, that you haven't mentioned anywhere in your post.
You need that.
I think I communicated my problem inccorrectly. This "something else" is in the same text file correct? It seems to be referred to as a different name within the login page itself, and after attempting to change the name of this "ID" and making sure it matched with what was in the text file for the base user (again I'm confused by that as well, why was this "ID" already set seeming correctly when I hadn't done anything to it yet?) I still have not made any progress
This challenge is more about privilege escalation than anything to do wiith the usernames and passwords.
You just need to change one thing in order to achieve that, and the clue's in the name, it's already been "set" as an extra hint.
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.