Friday, September 29, 2017

VulnHub - GameOver vm - Hackademic_Challenges - challenge 007

Short story: the network administrator is asking for 3,000 euro to change the grades into As. You need to find the admin password... to rat the admin out....

DirBuster finds a 'lastlogin.txt' file for Irene Pretty, but she is only a user.

Last Login user:
Irene Pretty : Irene
at 14/3/2000 10:59:00am


While searching the site, I decided to run Intruder in Burp Suite to see if I could authenticate with the male name... nothing worked...

Nikto didn't provide any information I could use.

After doing some more digging, I used Firebug to look at Irene's cookie...

And that's where I was able to elevate my permissions to 'admin' and received the..









... message!
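The underlying flaw is that the application trusts a privilege level stored in a cookie the client controls. The sketch below is an added example, not code from the challenge or from this post: it contrasts that weak pattern with an HMAC-signed cookie the server can verify. The post does not show the cookie's contents, so the `user:role` format, the function names and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed for this example: a secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def role_from_plain_cookie(cookie: str) -> str:
    """Weak pattern: the role is taken straight from client-controlled data."""
    _user, _, role = cookie.partition(":")
    return role


def _tag(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, role: str, key: bytes = SERVER_KEY) -> str:
    """Hardened pattern: bind user and role together with an HMAC-SHA256 tag."""
    if ":" in user or ":" in role:
        raise ValueError("separator not allowed in user or role")
    payload = f"{user}:{role}"
    return f"{payload}:{_tag(payload, key)}"


def role_from_signed_cookie(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the role only if the tag verifies; None means reject the request."""
    payload, sep, tag = cookie.rpartition(":")
    if not sep or payload.count(":") != 1:
        return None  # malformed cookie
    # Constant-time comparison on bytes, so odd client input cannot raise.
    if not hmac.compare_digest(tag.encode(), _tag(payload, key).encode()):
        return None  # role or user was altered after issuance
    return payload.split(":", 1)[1]


if __name__ == "__main__":
    # Constructed sample values, using the user name from lastlogin.txt.
    print(role_from_plain_cookie("Irene:admin"))    # weak check accepts the edit
    good = issue_cookie("Irene", "user")
    edited = good.replace(":user:", ":admin:")      # role changed, old tag kept
    print(role_from_signed_cookie(good), role_from_signed_cookie(edited))
```

Keeping the role in a server-side session looked up by a random session identifier avoids putting it in the cookie at all.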

