In Level 18 of OverTheWire's Natas CTF wargame, we are able to leverage a brute-force attack to hijack a valid admin PHPSESSID on the webserver.
OverTheWire: https://overthewire.org/wargames/
Writeups: https://github.com/odacavo/overthewire/tree/main/01_natas
Session Hijacking Attack: https://owasp.org/www-community/attacks/Session_hijacking_attack
PHP session_id: https://www.php.net/manual/en/function.session-id.php
0:00 - Introduction
0:35 - Source Code Walkthrough
4:30 - Burp Suite Intruder
9:45 - Python getflag Script
11:47 - Conclusion