This solution is for Flags Mode

This walkthrough explains how to hack the lab and capture the flags. For help with Learning Mode questions, use the Request Hint button next to each question.


Session Switch - Complete Solution Walkthrough

Step 1: Initial Reconnaissance

  1. Open the challenge in your browser. You are presented with a login form requiring a username and password.
  2. Log in with the provided user credentials: user / password123.
  3. After logging in, open your browser's developer tools (F12) and inspect the session data the server has stored in your browser. Cookies and Web Storage are listed under the Storage (Firefox) or Application (Chrome) tab; the Network tab shows the Set-Cookie headers from the login response.

Step 2: Authentication Analysis

  1. Notice that after a successful login the server stores a value in your browser that records your privilege level (for example, user).
  2. Focus on this value. On every later request the application reads it back from the client and uses it directly to decide your access level; it is never checked against the account you actually authenticated as.

Step 3: Privilege Escalation

  1. Manually edit the stored session value in your browser (for example, in the Storage or Application tab of DevTools, or by intercepting the request in Burp Suite and changing the value in the Cookie header).
  2. Change the privilege value from user to admin.
  3. Reload the portal page. The admin area should now be accessible, without ever knowing an admin password.

Step 4: Flag Extraction

  1. With admin privileges, access the secret area as indicated on the portal page.
  2. The flag is shown in the challenge environment once you reach that area while carrying the admin privilege value.

Security Implications

  • Trusting Client Data: The application reads the privilege level from data stored on the client, so any user can rewrite it and escalate to admin.
  • Access Control Flaw: Access to sensitive areas is decided by a client-modifiable value rather than by a server-side check of the authenticated account's role.

Prevention & Best Practices

  • Server-Side Validation: Always validate user privileges on the server, never trust client-side data for access control.
  • Session Security: Keep privilege data in a server-side session looked up by a random, unguessable session ID; if state must live in a cookie, sign it (for example with an HMAC) and verify the signature on every request. Note that signing only prevents tampering; it does not replace the server-side authorization check.
  • Least Privilege Principle: Grant users only the minimum privileges necessary for their role.
  • Regular Auditing: Review authentication and session management logic for flaws.

Key Learning Points

  • Never trust client-side data for access control.
  • Privilege escalation vulnerabilities are common in real-world web apps.
  • Proper session management is critical for web security.

Tools Used

  • Web Browser & DevTools - Inspect and modify session data
  • Burp Suite - Intercept and modify HTTP requests (optional)

Challenge Summary

  1. Reconnaissance and login
  2. Session data analysis
  3. Privilege escalation by editing session data
  4. Accessing the admin area and extracting the flag
  5. Understanding the security implications and best practices