
  • Daily Challenge
  • Released 03 Jul 2025

Session Switch - Complete Solution Walkthrough

Step 1: Initial Reconnaissance

  1. Open the challenge in your browser. You are presented with a login form requiring a username and password.
  2. Log in with the provided user credentials: user / password123.
  3. After logging in, use your browser's developer tools (F12) to inspect the session-related data set by the server.

Step 2: Authentication Analysis

  1. Notice that after a successful login the server stores a session value in your browser that records your privilege level (here, user).
  2. Focus on that value. The application reads it back on each request to decide which areas you may access, and because it is stored client-side it is entirely under your control.

Step 3: Privilege Escalation

  1. Manually edit the stored privilege value in your browser (the Storage tab in Firefox DevTools, or the Application tab in Chrome; cookies and local storage are both listed there).
  2. Change the privilege value from user to admin.
  3. Refresh the portal page. The admin area should now be accessible, even though you never authenticated as an administrator.

Step 4: Flag Extraction

  1. With admin privileges, access the secret area as indicated on the portal page.
  2. The flag is displayed once the application sees the admin privilege value in your session data.

Security Implications

  • Trusting Client Data: The application trusts session data set on the client side, allowing privilege escalation.
  • Access Control Flaw: Access to sensitive areas is decided by a client-modifiable value rather than by a server-side check against state the user cannot alter.

Prevention & Best Practices

  • Server-Side Validation: Always validate user privileges on the server, never trust client-side data for access control.
  • Session Security: Keep privilege state on the server and hand the client only an opaque session identifier; if any state must travel to the client, sign it (for example with an HMAC under a server-held secret) and verify the signature on every request before trusting it.
  • Least Privilege Principle: Grant users only the minimum privileges necessary for their role.
  • Regular Auditing: Review authentication and session management logic for flaws.

Key Learning Points

  • Never trust client-side data for access control.
  • Privilege escalation vulnerabilities are common in real-world web apps.
  • Proper session management is critical for web security.

Tools Used

  • Web Browser & DevTools - Inspect and modify session data
  • Burp Suite - Intercept and modify HTTP requests (optional)

Challenge Summary

  1. Reconnaissance and login
  2. Session data analysis
  3. Privilege escalation by editing session data
  4. Accessing the admin area and extracting the flag
  5. Understanding the security implications and best practices