This challenge is similar to the Client Side challenge where the server assumes that the client can be trusted and bases its authentication decisions on what the client tells it.
The developers have created a desktop and a web app to access the company database. The desktop app makes use of the same API as the web app but rather than using sessions, uses of the user agent string to identify itself as a valid application and gain access to the data. Download the following ping script used by the application, and from analysing it, access this page and view the secret information below.
Download the User Agent Ping script.
If you get stuck, or want more information, see my walkthrough.
User not connecting from the desktop app so must log in here.
Back to home