Good evening all from the UK.
Stumbled across HTB a fortnight ago and I'm hooked.
However, if my skills matched my enthusiasm - I'd be laughing.
I've followed the two Academy modules "Web Requests" and "Javascript Deobfuscation" and successfully 'cracked into Hack the Box' - I must admit it was satisfying to say the least.
However there is one question in the Web Requests module that I couldn't answer - anyone able to offer me and additional nudge?
Its to do with the POST method page, and the question is:
"Login with the credentials guest / guest and try to get to admin."
I can of course log in, I'm assuming to 'get to admin' I am to swap the cookie from the admin login, demonstrated in the tutorial. and send that one rather than the guest one in Burp Suite - which I have done and I am able to get a different' non-guest user name in the admin screen - but this isn't the answer the question is looking for...
any pointers?
Comments
Oh - I sorted it...
... I was certainly thinking along the right lines in the above question - just had to think a little out of the box to get a 'admin' from the cookie...
hi Moe
I couldn't get around this challenge
any ideas?
The guest cookie logs you in as "guest_xxxxxxx"...
...It would be better if it logged you in as "admin" though ;-)
so just admin
i did it before but as 'admin_xxxxxx'
how stupid
thanks man for the clarification
have a nice day
Of course, as soon as I asked the question my brain started working and I was able to figure it out! Cheers!
Ok, I got text:
Next step is entering answer in input box.
Tried to set different cases:
but nothing worked out
What's wrong?
Type your comment> @KonstantinS said:
Can you prompt please, what string is used to answer?
i have tried with burp suite to achieve admin auth
i have two questions
1- when i modify cookie it's necessary to encode "admin"?
2- when i send from repeater with changed cookie i must be logged in with guest?
thank you in advance to anyone will help me
maurp
how you can get the admin cookie?
I have answer welcome admin but the cookie that I use is not the correct answer, so why I get welcome admin? Is there an error in the module?
Type your comment> @pit83 said:
Support answered me only this
Type your comment> @4d27 said:
I have tried everything, when I use only admin without the unnecessary information the module answer:
Welcome, admin!
The flag is 607f8f255845ecb4b0b53fae4d3ef29e!
still no success
Type your comment> @pit83 said:
I tried again few minutes ago.
Got such text in browser:
Put flag into answer and clicked submit button.
I have no idea why but now it works!
@pit83 thanks for you comment.
It make me repeat quiz again and finish module.
Type your comment> @4d27 said:
incredible same answer different result, with me it's say bad answer I copy this
The flag is 607f8f255845ecb4b0b53fae4d3ef29e!
Type your comment> @pit83 said:
I suppose it is need spawn new target and try again.
Again encode cookie get flag and sent answer.
Hi Guys,
Trouble understanding the tutorial and getting the flag, this is my understanding from the tutorial:
The issue is the session cookie will always be for the user you logged in with. When following the tutorial i'm using the credentials guest:guest and therefore the session cookie is for the guest user.
I've tried base64 decode the session cookie for the guest user and changing the name to admin and encoding it again in base64 but all this does is change the name from hello guest_xxxxx to hello admin_xxxx
So what am I not understanding here? As far as I know I need the admin cookie to login or to manipulate the guest cookie in some way to login as admin. As mentioned above the tutorial didn't make sense as the same cookie issued to the user was just reused unless I'm missing something here?
Any help would be greatly appreciated guys
Guys, it's more stupid than I was thinking. After becoming mad for some time, I realized that the '!' was not part of the flag but of the whole message.
Paste only
607f8f255845ecb4b0b53fae4d3ef29e
and you'll get green and happy!