# Skills Assessment

This section outlines a skills assessment for the "Session Puzzling" module, requiring students to identify and exploit various session puzzling vulnerabilities to gain unauthorized access or elevate privileges within a web application.

## Walkthrough

After logging in with the credentials `htb-stdnt:Academy_student!`, students need to navigate to the password reset functionality at `/reset_1.php` and supply the username `admin`, then click on Submit.

Students should not complete phase 2 of the password reset process. Instead, they need to navigate directly to `/admin_users.php` to exploit premature session value population, which will grant them access to the admin panel.