Privilege escalation by modifying a cookie

Penetration approach

1. Use Sword to scan for directories

>> The scan finds the back-end pages login.htm and login.php

2. Try to access the back-end page found by the scan: http://122.112.190.132/login.htm

 

3. Capture the login request with Burp Suite and brute-force it. This yields the username user with the password 123456. After logging in, however, the page reports that the current identity is user and refuses access; administrator rights are needed.

4. Rather than brute-forcing the admin user's password, look at the captured packet in Burp Suite. The request carries a cookie parameter, Cookie: user=user. Changing the cookie to user=admin achieves privilege escalation, and the page can then be accessed.

>> The original packet

>> Modify the cookie to user=admin and send the packet

>> Logged in with admin privileges, the flag is obtained: Flag5 {Refuse autism}

 

The general idea: when a page cannot be accessed because the account lacks permission, intercept the request and check whether the application identifies the user through a cookie. If the application decides the user's authority from the cookie value alone, privileges can be elevated by modifying the cookie.
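The weakness described above, shown next to a hardened check, as an added example that is not code from the original post or from the target application. The function names, the `SECRET_KEY` and the signed `name.tag` cookie layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real application loads it from protected config.
SECRET_KEY = secrets.token_bytes(32)


def parse_cookie(header: str) -> dict:
    """Parse a 'name=value; name2=value2' Cookie header into a dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}


def role_from_plain_cookie(header: str) -> str:
    """Weak pattern from the write-up: the role is whatever the client sends."""
    return parse_cookie(header).get("user", "anonymous")


def issue_signed_cookie(username: str) -> str:
    """Set at login: the value carries an HMAC-SHA256 tag only the server can compute."""
    tag = hmac.new(SECRET_KEY, username.encode(), hashlib.sha256).hexdigest()
    return f"user={username}.{tag}"


def role_from_signed_cookie(header: str) -> str:
    """Hardened check: accept the name only if its tag verifies, else anonymous."""
    value = parse_cookie(header).get("user", "")
    username, sep, tag = value.rpartition(".")
    if not sep:
        return "anonymous"  # no tag at all, e.g. a bare user=admin
    expected = hmac.new(SECRET_KEY, username.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(tag.encode(), expected.encode())  # constant-time compare
    return username if ok else "anonymous"


def demo() -> dict:
    issued = issue_signed_cookie("user")  # what the server sets after login
    tag = issued.rsplit(".", 1)[1]
    return {
        "plain_edited": role_from_plain_cookie("user=admin"),
        "signed_ok": role_from_signed_cookie(issued),
        "signed_edited": role_from_signed_cookie(f"user=admin.{tag}"),
        "signed_stripped": role_from_signed_cookie("user=admin"),
    }


if __name__ == "__main__":
    for case, role in demo().items():
        print(f"{case}: {role}")
```

A server-side session keyed by a random identifier gives the same protection; signing alone adds neither expiry nor revocation.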


Origin www.cnblogs.com/loopkep/p/11406773.html