Labs / Session Switch

Challenge
Released 03 Jul 2025

Session Switch

Start the machine, hack the system, and find the hidden flags to complete this challenge and earn points!

1

Flags

1

Points

Challenge

Solution Available

Pro Exclusive

Start Lab Environment

~1-2 min setup

AWS dedicated

Private instance

Industry standard

Challenge

Session Switch - Complete Solution Walkthrough

Step 1: Initial Reconnaissance

Open the challenge in your browser. You are presented with a login form requiring a username and password.
Log in with the provided user credentials: user / password123.
After logging in, use your browser's developer tools (F12) to inspect the session-related data set by the server.

Step 2: Authentication Analysis

Notice that after a successful login, a session-related value is set to indicate your privilege level (e.g., user).
Focus on the session data. The application uses this value to determine your access level.

Step 3: Privilege Escalation

Manually edit the session data in your browser (e.g., using the Storage tab in DevTools).
Change the privilege value from user to admin.
Refresh the portal page. You should now see the admin area is accessible.

Step 4: Flag Extraction

With admin privileges, access the secret area as indicated on the portal page.
The flag will be displayed in the real challenge environment when you have the correct privilege.

Security Implications

Trusting Client Data: The application trusts session data set on the client side, allowing privilege escalation.
Access Control Flaw: Access to sensitive areas is determined by a modifiable value, not by secure server-side checks.

Prevention & Best Practices

Server-Side Validation: Always validate user privileges on the server, never trust client-side data for access control.
Session Security: Use secure, signed, and tamper-proof session mechanisms.
Least Privilege Principle: Grant users only the minimum privileges necessary for their role.
Regular Auditing: Review authentication and session management logic for flaws.

Key Learning Points

Never trust client-side data for access control.
Privilege escalation vulnerabilities are common in real-world web apps.
Proper session management is critical for web security.

Tools Used

Web Browser & DevTools - Inspect and modify session data
Burp Suite - Intercept and modify HTTP requests (optional)

Challenge Summary

Reconnaissance and login
Session data analysis
Privilege escalation by editing session data
Accessing the admin area and extracting the flag
Understanding the security implications and best practices

Session Switch

Challenge 1 points

Writeup Guidelines

Share your solution approach, methodology, and insights. Your writeup will be reviewed before being published to the community. Earn +1 bonus point when your writeup is approved!

Requirements:

No flag content: Do not reveal actual flag values or passwords in your writeup
Include lab link: Your writeup must contain a direct link to this lab for reference
Educational focus: Explain your methodology, tools used, and learning insights

Writeup URL *

Link to your blog post, GitHub repository, or any platform where you've published your writeup
Remember to include this lab's URL in your writeup: https://hackerdna.com/labs/session-switch

Language *

Help others find writeups in their preferred language

Confirmation Required

I confirm that my writeup includes a direct link to this lab

Your writeup must reference this lab's URL: https://hackerdna.com/labs/session-switch

I confirm that my writeup does NOT contain flag content or critical information

Do not include actual flags, passwords, or other sensitive information that would spoil the challenge