Need help with I know mag1k

I need hints on how to decrypt the cookie obtained from the login & logout request. I know this challenge has something to do with that iknowmag1k cookie, and I also know there are some URL-encoded characters, which I decoded, but I still can’t figure out what type of hash/code it is.

There is another post for this challenge by deadstopp that has some great hints in it. I think it will get you on the right track.

@c said:
There is another post for this challenge by deadstopp that has some great hints in it. I think it will get you on the right track.

I checked it and it doesn’t have any good hint about decryption; they are talking about some tools which I don’t know…

Yes, they are talking about a tool and a vulnerability. If you have the cookie you should have what you need to proceed. Look up a tool that is being hinted at by likwidsec in that post. It would be difficult to give you any more information without giving the solution away.

I know what vulnerability to exploit for iknowmag1k, I know what tool to use, and, in fact, I even got some of the information I need. However, the tool I am using keeps timing out. Sometimes it times out right at the beginning and sometimes it gets further in the process before timing out. I can’t figure out why it times out and I can’t figure out how to fix this. It’s quite annoying when I am trying to encode something and it times out halfway through. The following is my output with spoiler info redacted. Has anyone run into this issue or ever heard of it? I can PM you the command I used to avoid posting it out here for everyone. Thanks!

INFO: The original request returned the following
[+] Status: 200
[+] Location: N/A
[+] Content Length: 3862

INFO: Starting ************ Decrypt Mode
*** Starting Block 1 of 6 ***

INFO: No error string was provided…starting response analysis

*** Response Analysis Complete ***

The following response signatures were returned:


ID# Freq Status Length Location

1 1 200 3862 N/A
2 ** 255 500 2203 N/A

Enter an ID that matches the error condition
NOTE: The ID# marked with ** is recommended : 2

Continuing test with selection 2

[+] Success: (59/256) [Byte 8]
[+] Success: (88/256) [Byte 7]
[+] Success: (104/256) [Byte 6]
[+] Success: (246/256) [Byte 5]
[+] Success: (82/256) [Byte 4]
[+] Success: (231/256) [Byte 3]
[+] Success: (113/256) [Byte 2]
[+] Success: (61/256) [Byte 1]

Block 1 Results:
[+] Cipher Text (HEX): ************
[+] Intermediate Bytes (HEX): ************
[+] Plain Text: ***********

Use of uninitialized value $plainTextBytes in concatenation (.) or string at /usr/bin/************ line 361, line 1.
*** Starting Block 2 of 6 ***

[+] Success: (200/256) [Byte 8]
[+] Success: (103/256) [Byte 7]
[+] Success: (112/256) [Byte 6]
[+] Success: (82/256) [Byte 5]
[+] Success: (177/256) [Byte 4]
[+] Success: (34/256) [Byte 3]
[+] Success: (59/256) [Byte 2]
[+] Success: (106/256) [Byte 1]

Block 2 Results:
[+] Cipher Text (HEX): ************
[+] Intermediate Bytes (HEX): ************
[+] Plain Text: ************

*** Starting Block 3 of 6 ***

[+] Success: (152/256) [Byte 8]
[+] Success: (141/256) [Byte 7]
[+] Success: (112/256) [Byte 6]
[+] Success: (21/256) [Byte 5]
[+] Success: (50/256) [Byte 4]
[+] Success: (236/256) [Byte 3]
[+] Success: (15/256) [Byte 2]
[+] Success: (172/256) [Byte 1]

Block 3 Results:
[+] Cipher Text (HEX): ************
[+] Intermediate Bytes (HEX): ************
[+] Plain Text: ************

*** Starting Block 4 of 6 ***

[+] Success: (39/256) [Byte 8]
ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

[+] Success: (255/256) [Byte 7]
[+] Success: (15/256) [Byte 6]
[+] Success: (167/256) [Byte 5]
[+] Success: (115/256) [Byte 4]
[+] Success: (144/256) [Byte 3]
[+] Success: (17/256) [Byte 2]
[+] Success: (116/256) [Byte 1]

Block 4 Results:
[+] Cipher Text (HEX): ************
[+] Intermediate Bytes (HEX): ************
[+] Plain Text: ************

*** Starting Block 5 of 6 ***

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

ERROR: 500 Can’t connect to 88.198.233.174:35166 (Connection timed out)
Retrying in 10 seconds…

Not entirely sure what was going on yesterday, however, I ran the tool this morning and it ran fine. Encoded what I needed to encode and got me to the flag.

Hey @n3tc4t, can I PM you regarding this challenge?

When I try to use that I keep receiving
Error: All of the responses where identical
double check the block size and try again

I also get the same; all the responses are the same.

Can someone PM me to go over my syntax…

@RPSUK I have the same issue as you.

Can someone PM me for this challenge, please?

I want a hint. I’m going crazy. Can you help me, please?

@BallisticKhaos said:
When I try to use that I keep receiving
Error: All of the responses where identical
double check the block size and try again

Same here, and sometimes the cookie iammag1k is not assigned when I log in…
Burp Sequencer is not able to pick any cookie, I’m stuck…

Any nudges on how to enumerate what the admin’s username is? I know how to use the tool, including creating what is needed to inject, but I cannot seem to enumerate what the admin’s username is.

@d00gman said:
Any nudges on how to enumerate what the admin’s username is? I know how to use the tool, including creating what is needed to inject, but I cannot seem to enumerate what the admin’s username is.

@d00gman Any luck? I’m stuck there as well.

@d00gman @kricket08 you don’t need to know the admin’s username for this challenge

I’ve managed to update the cookie but I’m still receiving the same page when sending the updated request. Could someone point me in the right direction?

Thanks

Got it resolved :-D. Very minor syntax error on my part (D’oh!)

@ValleyCommando said:
I’ve managed to update the cookie but I’m still receiving the same page when sending the updated request. Could someone point me in the right direction?

Thanks

Now I’m struggling here… :stuck_out_tongue: