July 11, 2026
Broken Authentication
Learn how to defeat logins and other authentication mechanisms to allow you access to unpermitted areas.
By Vinayakpawar
1 min read
Task 1: No reply
Task 2: What is the name for the practice of reusing credentials recovered from one application against unrelated applications? Ans: Credential Reuse
Task 3: What is the username starting with si*** ? Ans: simon What is the username starting with st*** ? Ans: steve What is the username starting with ro**** ? Ans: robert
Task 4: What is the valid username and password (format: username/password)? Ans: steve/thunder
Task 5: What is the flag from Robert's support ticket? Ans: THM{AUTH_BYPASS_COMPLETE}
Task 6: What is the flag from changing the plain text cookie values? Ans: THM{COOKIE_TAMPERING} What is the value of the md5 hash 3b2a1053e3270077456a79192070aa78 ? Ans: 463729 What is the base64 decoded value of VEhNe0JBU0U2NF9FTkNPRElOR30= ? Ans: THM{BASE64_ENCODING} Encode the following value using base64 {"id":1,"admin":true} Ans: eyJpZCI6MSwiYWRtaW4iOnRydWV9
Task 7: No answer needed