# Unchained 1

## Challenge Description

> "Go from hacking web to solving puzzles"

> The admin seems to have forgotten the password, so he just want you to recover by bypassing the login page.

> Good Luck!

> Challenge link: <https://harsh1tarora.pythonanywhere.com/>

## Solution

* We are supposed to bypass the login page. So, we try SQL injection.
* We try `admin' or 1=1--` as the username and `1` as the password.
* We are presented with a shell after bypassing the login page. ![shell](https://1613628666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKkuxWaWwvkRd57ql1rtY%2Fuploads%2Fgit-blob-56101623df5f503a756ed018d77638bc6412f15e%2Fimage.png?alt=media)
* Using `help` we can see the list of commands available.
* We can use `flag` to get the flag. ![flag](https://1613628666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKkuxWaWwvkRd57ql1rtY%2Fuploads%2Fgit-blob-a88ccdc76e16629dc76c76127dd8ad2ba156efdd%2Fimage-1.png?alt=media)

## FLAG

```
xCTF{y0u_f0und_m3_n0_way!}
```