Challenge Web: Grammar

I have been attempting to solve Grammar for 3 days now and it's starting to feel like I'm banging my head against a wall, and given that this challenge does not involve biometrics I don't think that is going to get me anywhere.

I'm currently stuck, and my assumption is I have to do something with the MAC value, but I do not at all understand how it's calculated.

Any help would be much appreciated.

Comments

  • don't overthink

    peek

  • I'm not sure I can do anything more simple than what I have already tried. I've tried changing field 1 and 2 individually as well as together and making new requests. I've been able to get the messages "what are you trying to do?" and "you have fucked something up" but not much other than that.
  • Still grasping at straws. Starting to work in circles. Any help would be appreciated.

  • "you have fucked something up" is the server's message for when it can't decode your cookie properly - so that won't work. Play more with the "what are you trying to do?" requests. You only need to change two parameters, keep the one that doesn't matter default.

  • I'm presuming the one that doesn't matter is pretty obvious. Still not sure what to do about MAC. Thanks for a little direction though.
  • edited December 2017

    I have started a script to brute force the MAC based on original data to try and know how it's calculated, is that an interesting target to pursue?

  • edited December 2017

    Hi all! You need to know about "juggling" :)
    Interesting challenge

    r2d2

  • Oh thanks!! Took me a while to understand what this juggling was all about but the context of this challenge made it obvious in the end: PHP, MAC, juggling...

    Fun challenge!

  • Anyone still working on this that wants to discuss it? Message me

  • Can someone PM me that finished the challenge?

  • Hi all, I passed the first step easily but I'm still stuck and I do not understand the next step. Can I have a hint please?

  • edited April 2018

    Hi - stuck at the first stage of this attack; used tools to search for open directories and file names - hydra, dirb, dirbuster and a ton of lists - am I right to search for an open file/dir to get to the next level? PM/email to avoid spoilers -- thanks, this is a head bang for me now.

  • Man this was a tricky challenge. The first step seemed kind of silly but the next step was great! Ok to DM me if anyone hits a wall and needs a sanity check / guidance.

  • Hey, any hint regarding the MAC part would be appreciated.