WEB Challenges (I know Mag1k)

in here i got this
"Cookie: PHPSESSID=2q730tudrno1lkc534a5mj4033; iknowmag1k=76Q59%2FmPo9AllYbBtzkeF7H6mMTpCDkUBt18ec0MxJTUgPCIXjmhCw%3D%3D"

Even after doing research i didn't get how to decrypt it , so i ended up seeing the walk-through in which told its a padding oracle .

Now my question is just by seeing the cookie how does one determine its padding oracle?

Comments

  • I suspected what it was for two reasons.

    One, I built a similar challenge for another CTF around the time I went to see the challenge, which helped me to identify it quite fast.
    Two, you can narrow down the set of available options and focus on certain tools because:
    1. It doesn't look like a hash (hash-dentifier can help you there).
    2. It doesn't decode to plaintext either.
    3. So, it's some kind of crypto. From there, it can be maybe a textbook RSA, CBC byte flipping, hash length extension, you get the idea. Try, fail, remove it from the list and keep doing until something works.

  • some light google searching will reveal a tool that basically solves this challenge for you. oh well!

Sign In to comment.