Halls of Valhalla – Beginners Challenge 1-7

Here’s a walk through for the Beginner Challenges on www.Halls-of-Valhalla.org. Click here to start the first challenge on Halls-of-Valhalla.

C:\Users\jwilb\AppData\Local\Microsoft\Windows\INetCacheContent.Word\Image 032.jpg

Right click to view source and

C:\Users\jwilb\AppData\Local\Microsoft\Windows\INetCacheContent.Word\Image 033.jpg

After a few minutes of perusing the source I found

For this exercise we are using Burp Suite

I flipped the Cookie: auth bit to true and….

After many failed attempts I was able to inject the following script into the location field using Burp Suite.

<script>alert(1);</script>

These are all User-Agents. Let’s try to post the same script from 4 into the User-Agent value.

And…that worked. This was a fast one.

I spent a lot of time looking around before finally checking out the robots.txt file, which shows a php file in the /challenges/beginners directory.

The php file lead us right to the password.

Above is the Reply button in Burp Suite

Above is the Delete button substituting id=160 for id=162 to delete the Administrator’s post and….

Leave a Reply