Halls of Valhalla – Beginners Challenge 1-7

Posted on July 24, 2016October 15, 2017 by JW

Here’s a walk through for the Beginner Challenges on www.Halls-of-Valhalla.org. Click here to start the first challenge on Halls-of-Valhalla.

$C:\Users\jwilb\AppData\Local\Microsoft\Windows\INetCacheContent.Word\Image 032.jpg$

Right click to view source and

$C:\Users\jwilb\AppData\Local\Microsoft\Windows\INetCacheContent.Word\Image 033.jpg$

After a few minutes of perusing the source I found

For this exercise we are using Burp Suite

I flipped the Cookie: auth bit to true and….

After many failed attempts I was able to inject the following script into the location field using Burp Suite.

<script>alert(1);</script>

These are all User-Agents. Let’s try to post the same script from 4 into the User-Agent value.

And…that worked. This was a fast one.

I spent a lot of time looking around before finally checking out the robots.txt file, which shows a php file in the /challenges/beginners directory.

The php file lead us right to the password.

Above is the Reply button in Burp Suite

Above is the Delete button substituting id=160 for id=162 to delete the Administrator’s post and….

Related

Leave a Reply Cancel reply

You must be logged in to post a comment.