Factory Login

# logon Point: 100 ## Category Web Exploitation ## Question The factory is hiding things from all of its users. Can you login as logon and find what they've been looking at? [(link)](https://2019shell1.picoctf.com/problem/12284/) or ## Hint Hmm it doesn't seem to check anyone's password, except for 's? ## Solution After login, We'll check source code but nothing to get. We decided to check cookie of this website using [EditThisCookie](https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en-US) extension on Google Chrome. We'll see a username: admin with value: False. ![EditThisCookie](https://github.com/m14ghost/PicoCTF-2019-Writeup/blob/master/Web%20Exploitation/Editthiscookie.png) Try to change value to True then open source code again, we've got the flag ```bash Factory Login

Flag: picoCTF{th3_c0nsp1r4cy_l1v3s_6f2c20e9}

``` ## Flag picoCTF{th3\_c0nsp1r4cy\_l1v3s\_6f2c20e9}