Postbook

CHALLENGE HINT

Flag0

Using FUZZ tool to brute force user password.

Flag1

Change id=2

Flag2

We read the hint, inspect when create new post, we can see <input type='hiden'>, delete hiden and change value to 3.

Flag3

Read the hint maybe we confuse, let try id=189*5

Flag4

Go to Edit page and change id=1

Flag5

We can see the cookie hash, identify it and we know that it is MD5, now change it to id=1 hash.

Flag6

Delete Admin's post