Ok, in this challenge we need to hack to the admin
panel and delete some blog from the blog list. as
we can understand from Joe, there is no database in
this system, the system generatin some text file in
the /Passwords/ directory and store there
the user login details.
Let check out the details:
file name: Sm9l.txt
Login,1; [means user rights or something..]
eof; [end of file..]
As it seems, we just need to understand what is
the connection between the name of the file that
the system generate «Sm9l» and the
user or the password...
After we understand that, we can see the admin
login details, so we try to login to the admin
account and.. we got an error that tell us that
"This user is already logged in" - so
we need to wait untill he logged out, and he
will not. so... we need to logging him out! how
we can do that?
Hint: try to look at the source of the Logout