Realist

Without trying to spoil things, I ((think I) know the first step.

The registration page is closed and can only be used by the admin. I’ve made sure that the admin will visit my website, which I do see happen in my web server access log.

However, I can’t seem to login afterwards, due to bad credentials. I’m missing something and would like a tiny hint (without spoiling anything) if the direction I’m going is correct.

Thanks in advance!

Cheers!

The admin visit your web server. What can you deduce ? What the name of this type of attack ? How can you exploit it ? What do you need to go further in this challenge ?

I know the type of attack I need to perform. I prepared a form to be executed when the admin visits but can’t login after that. Perhaps I said too much and make this too obvious for others?