In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 2)

[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!

In Part 1 we looked at the first three challenges from my Laracon EU and US talk. To quickly recap each of the challenges:

Now we’re up to Challenge #4, which can be found around 10:00 in the recording:

So let’s dive into it:

Challenge #4: Escalate your account to admin!

Here’s what the screen looks like at the start of Challenge #4:

Screenshot: Challenge #4 - Editing admin bio screen.

The challenge here is to escalate our account to an administrator account, which is known as a Privilege Escalation attack, or PrivEsc.

Unlike back in Challenge #2, when we could modify the verification URL and perform the privilege escalation directly, we don’t have anything obvious here, so we’re going to need to dig deeper to crack this one.

As we’ve talked about before, the first step is to see what we can modify and control, looking for any vulnerable inputs or other ways of interacting with the application. Our attack vector should be immediately obvious: the User Bio field that we can modify, so let’s see what it lets us do…