I know Mag1k

edited April 2018 in Challenges

Spoiler Removed - Arrexel

Tagged:

Comments

  • I'm stucking exactly on this... No idea how the string is encoded

    Hack The Box

  • what to do with a cookie in this challenge.
    any hint

  • can someone PM me? I think I got the right cookie but it doesn't change anything.

  • Nevermind, the cookies was wrong :/

  • ANyone here who resolved the identical response error

    B0rN2R00T

  • I am stuck here... Any idea/hint someone pls?

  • You need to use a specific tool to solv this challenge. It would be a spoiler to tell you more...

    Hack The Box

  • i use tools to get the key of the cookie,but error.

    ERROR: All of the responses were identical.

    Double check the Block Size and try again.

    any idea or Hint ?

  • I tried different aproaches to solve this challenge and I get same block size errors as well.

  • check the syntax of how you are running that tool, dont forget to include the FULL cookie and then the partial cookie you are trying to decrypt. if you guys are having trouble PM me and ill see what i can do

    Panda Carry

  • I got the command to run without any errors but I am not sure if I am using the right swiches to ge the right results

  • edited June 2018

    H1 i have the key {somethig:sdf,somethingelse:sadf} i dont know how to advance from here, my key has garbage in the end i use and 8 in this

  • One real magician needs to know the art of escaping.

  • @SynAckPwn23 said:
    One real magician needs to know the art of escaping.

    send me a message

  • I sent a request with the new cookie, the page doesn't change. Any hints please? :)

  • @null
    worked first time for me, did you re-encode the cookie correctly?

  • Check ipsec lazy video and google oracle padding attack
  • @Zerathu said:
    @null
    worked first time for me, did you re-encode the cookie correctly?

    I think so.
    I didn't change the numerical parameter for the tool used. Should I change it?

    @Afolic said:
    Check ipsec lazy video and google oracle padding attack

    I did and followed it by the book.

  • Nah,u dont have to, after u ve gotten how the data is saved on the server then u should know how to encode it, check padbuster help on how to use the encoding option

  • the ipsec lazy video misses out on a lot of syntax issues that are required to solve this

  • edited August 2018

    @Afolic said:
    Nah,u dont have to, after u ve gotten how the data is saved on the server then u should know how to encode it, check padbuster help on how to use the encoding option

    I read the manual and re-encoded using the p******** parameter. I used this result to replace the initial cookie. I expected it to work but didn't. Which is why I wrote the quoted text below.

    @null said:
    I sent a request with the new cookie, the page doesn't change. Any hints please? :)

  • any nudge will be appreciated here. I got the encrypted value using the tool but replaced it as the second cookie parameter but the login user does not change.

  • @null @securityNinja Feel free to PM me, if you need further help.

Sign In to comment.