Web - Server - CRLF
hmm yeah. The major difficulty is may be to find out what is precisely requested.
What I can say is you will never find such thing as requested here for real. It only works here to make up an educational purpose CR/LF based challenge.
hope this can help finding a new approach :)
Web - Server - CRLF
i wonder after i inject false log ,what else can i do to get the flag.
Web - Server - CRLF
i get it...it should be exactly like the first log.
Web - Server - CRLF
Try use urlencode in your inject point and make the fake authentication log.
Web - Server - CRLF
One amendment to her0kings1ey’s comment. Don’t try to reproduce the log *exactly* in your injection. Only the minimum amount to make it look genuine is needed. This threw me off for a while.
Web - Server - CRLF
Thank you so much, Technocratik! I finally understood why I could’nt validate this challenge!
Web - Server - CRLF
Ahhhh stuck on this challenge for days. To the new readers, like me... look at the original log without any of your inserted entries... what users connected? How can you make it seem like a user you know exists also successfully connected?