IKnowMag1k (Web)

Hey guys, I've been playing with this one for a bit and I have found myself stuck. I have tried the padding attack, but when I place the "Encrypted value" in for the cookie, it takes me to a black profile. I then ran it through Burp Suite's Intruder feature using the bit flip; each cookie still sent the request back to my profile. Any hints or ideas of where I am messing up at?

My command:

$ padbuster LF8ciWB9XXLHhDKwITFlCmJk8bOGby99bGUqc3F5iAZHBrdpu/mMMg== 8 --cookies "iknowmag1k=LF8ciWB9XXLHhDKwITFlCmJk8bOGby99bGUqc3F5iAZHBrdpu/mMMg==" -plaintext "user=admin"



  • First decrypt it completely and get the plaintext, and then try to manipulate the cookie based on that. You can't just add -plaintext 'user:admin' without knowing what the cookie looks like. I'd suggest you watch ippsec's video on Lazy to get a better understanding of what I'm talking about.

    Hack The Box

    Don't let the box pwn you!!

  • I did find the correct syntax after decryption of the cookie but it still takes me to the profile page of the user I created.

  • I did end up finding it. Just messed a bit with the command and it worked :lol:
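Added example, not part of the thread and not the challenge's code: a local model of why a CBC cookie with 8-byte blocks supports the padding attack discussed above, next to an encrypt-then-MAC version that does not. The toy Feistel cipher, the response strings, the sample plaintext and all function names are assumptions made for the illustration.

```python
import hashlib, hmac, os
BS = 8  # block size: the 8 passed to padbuster in the thread
xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

def block(key, blk, dec=False):  # toy 4-round Feistel cipher, stands in for the real one
    f = lambda rnd, half: hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]
    l, r = blk[:4], blk[4:]
    for rnd in (range(3, -1, -1) if dec else range(4)):
        l, r = (xor(r, f(rnd, l)), l) if dec else (r, xor(l, f(rnd, r)))
    return l + r

def cbc_encrypt(key, pt):
    pad = BS - len(pt) % BS
    pt += bytes([pad]) * pad                    # PKCS#7 padding
    out = prev = os.urandom(BS)                 # random IV, sent as the first block
    for i in range(0, len(pt), BS):
        out += (prev := block(key, xor(pt[i:i + BS], prev)))
    return out

def cbc_decrypt(key, ct):                       # returns None when the padding is invalid
    if len(ct) < 2 * BS or len(ct) % BS: return None
    pt = b"".join(xor(block(key, ct[i:i + BS], True), ct[i - BS:i])
                  for i in range(BS, len(ct), BS))
    pad = pt[-1]
    return pt[:-pad] if 1 <= pad <= BS and pt.endswith(bytes([pad]) * pad) else None

def weak_check(key, cookie):                    # distinct answer on bad padding: the oracle
    return "200 profile" if cbc_decrypt(key, cookie) is not None else "500 padding error"

def issue_hardened(ek, mk, pt):                 # encrypt-then-MAC with a separate MAC key
    ct = cbc_encrypt(ek, pt)
    return ct + hmac.new(mk, ct, hashlib.sha256).digest()

def hardened_check(ek, mk, cookie):
    ct, tag = cookie[:-32], cookie[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, ct, hashlib.sha256).digest()):
        return "403 invalid cookie"             # rejected before any decryption happens
    return weak_check(ek, ct)

def tampered_responses(check, cookie, pos):     # pos: non-negative byte index to alter
    return {check(cookie[:pos] + bytes([cookie[pos] ^ d]) + cookie[pos + 1:])
            for d in range(1, 256)}

def demo(pt=b"user=guest;role=user"):           # constructed plaintext, not the real cookie
    ek, mk = os.urandom(16), os.urandom(16)
    weak, hard = cbc_encrypt(ek, pt), issue_hardened(ek, mk, pt)
    pos = len(weak) - BS - 1                    # last byte of the second-to-last block
    return (tampered_responses(lambda c: weak_check(ek, c), weak, pos),
            tampered_responses(lambda c: hardened_check(ek, mk, c), hard, pos))
```

`demo()` returns two sets of responses to tampered cookies: the weak check answers in two distinguishable ways depending on the padding, while the hardened check gives the same answer every time.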
