Securing Laravel

In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 2)

[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!

Stephen Rees-Carter
Aug 30, 2023
Paid

Greetings my friends, this week we’re heading back to finish off our walkthrough of my “Th1nk Lik3 a H4cker” talk from Laracon EU and US! We have two challenges left to cover, plus my finale stunt hack, and I’m excited to dive into the details with you. If you haven’t read Part 1 yet, I recommend heading over there first to get started.

As you might have seen on socials, I started Securing Laravel almost 2 years ago! So next week I’ll be doing a recap email, similar to my 12 months recap. If you’d like to share any highlights or favourite articles for the recap, let me know this week!

🕵️ Laravel Security Audits and Penetration Tests → I’m looking to lock in some clients for recurring security reviews next year. Reach out if you’re interested. 🔓


Securing Laravel is 100% reader-supported. Please consider becoming a free or paid subscriber to receive new posts and support my security work in the Laravel community!


Looking to learn more?
⏩ Security Tip #37: New Password Generator
▶️ In Depth #13: Stealing Password Tokens with Forwarded Host Poisoning


"Th1nk Lik3 a H4cker" Walkthrough (part 2)

In Part 1 we looked at the first three challenges from my Laracon EU and US talk. To quickly recap each of the challenges:

  • Challenge #1: Identify the correct password!

  • Challenge #2: Escalate your account to premium!

  • Challenge #3: Edit the Admin bio!

Now we’re up to Challenge #4, which can be found around 10:00 in the recording:

So let’s dive into it:

Challenge #4: Escalate your account to admin!

Here’s what the screen looks like at the start of Challenge #4:

Challenge #4 - Editing admin bio screen.

The challenge here is to escalate our account to an administrator account, which is known as a Privilege Escalation attack, or PrivEsc.

Unlike back in Challenge #2, when we could modify the verification URL and perform the privilege escalation directly, we don’t have anything obvious here, so we’re going to have to go deeper to crack this one.

As we’ve talked about before, the first step is to see what we can modify and control, looking for any vulnerable inputs or ways of interacting with the application. Our attack vector should be immediately obvious: the User Bio field that we can modify. So let’s see what it lets us do…

© 2025 Stephen Rees-Carter