I Know Mag1k

Hey all,

I have been poking this challenge for a few days now. I have created users and attempted to enumerate more users. I can see that the SIPS 0.2.2 vulnerability (username enumeration) is present, but I cannot seem to exploit it.

Can anyone give me a hint?

Thanks


Comments

  • edited March 24

    Spoiler Removed - Arrexel

  • edited March 24

    Spoiler Removed - Arrexel

  • Look into crypto tools that involve making requests to the server, I don't think you can perform this attack manually very easily.

  • Would you have any to recommend? Something like Burp?

  • It's almost like there's some sort of ... pad ... that needs ... busted ...?

    likwidsec

  • ippsec made a video about that, can't remember which one, I guess on Lazy

    peek

  • edited November 2017

    Haha yes that's the one I found earlier today. Just got this tool running and got some interesting feedback =)
    Thanks for your input!

  • I'm not having a difficulty while "busting" the cookie. However, I do need a little bit of a push regarding how to reach the administrator account?

    Omnisec

  • edited March 24

    Spoiler Removed - Arrexel

  • edited November 2017

    Well, I'm blocked too. I have a new valid token (200 OK :) ) with a relevant role, but the substitution doesn't work (nothing else happens). However, I suspect my token is invalid; this is the first time that I have used this tool. So I don't know if I have to push my research elsewhere or if I have to fix my mess. Any tips?

  • edited January 21

    @r00tbeer said:

    I would suggest looking up 'SPOILER'.

    My problem is finding the relevant login. Oracle is not much of a problem for me. Need a push at that.

    Omnisec

  • hint: very very very good

    peek

  • edited March 24

    Spoiler Removed - Arrexel

  • @Omnisec said:
    I'm not having a difficulty while "busting" the cookie. However, I do need a little bit of a push regarding how to reach the administrator account?

    I managed to "bust" the cookie too. I seem to have trouble manipulating it to become "an" admin or become "the" admin. Guys, any hints towards that?

    Hack The Box

  • edited January 21

    Hey Everyone.

    I tried to use the SPOILER and I had this result (I don't know if it is a spoiler or not, sorry if it is a spoiler):

    SPOILER

    Did anybody find this result?

    Is that the direction?

    Does anybody have another cool hint?

    Thanks dudes

  • edited March 24

    Spoiler Removed - Arrexel

  • use encoded base and add some padding.

    Agent22

  • edited March 24

    @PauloBeckk said:
    Spoiler Removed - Arrexel

    You're serious right now?? How do you seriously say "I don't know if this is a spoiler or not" ?? You basically just gave anyone who has no idea how to get to this point half of the challenge for free. This is a huge spoiler... This much information should never be posted on ANY challenge/machine that isn't retired ... Wow..

    likwidsec

  • edited March 24

    Quoted Spoiler Removed - Arrexel

    Another huge spoiler. Having taken a decent amount of time and significant effort to learn the methodology in this attack myself ... It's honestly pretty shitty to see someone just put it all out there like this ...

    likwidsec

  • I've "busted" the admin cookie too, but I can't use it to connect as admin. Whatever padding I try, I just get a 500. Any hints about that? I'm hard stuck.

    deltaclock

  • edited March 24

    Spoiler Removed - Arrexel

    Hack The Box

  • All hints can be found here:) Just read all posts and you will get flag for sure:)

  • @beginner2010 said:
    All hints can be found here:) Just read all posts and you will get flag for sure:)

    What this guy means is "All spoilers can be found here - read all the posts and you will have the answer handed to you and not learn a single thing from this challenge"

    Fixed that for ya.

    likwidsec

  • edited March 24

    Spoiler Removed - Arrexel

    crevettedragon

  • edited March 24

    @crevettedragon said:
    Spoiler Removed - Arrexel

    Man, you really fucked my noob brain... but that's ok, let's move on. I'm stuck like almost everyone here and maybe my problem is these holy quotation marks. Is it like: {\"eua\":\"boss\"\,\"owner\":\"eua\"}?

  • @vitorgrohs said:

    @crevettedragon said:
    Hi,

    @InsOp said:
    I guess the plaintext parameter gets confused with all those quotation marks. I got slightly upset when I figured that out :anguished:

    Indeed, I ran into the same issue and lost quite some time over something so trivial, so I thought I could head over to the forum and help. Since this is my first post and I don't want to spoil anyone, I'll try to formulate this in a way that people who are not at this stage will not understand (note to moderators: feel free to edit my comment otherwise):

    Once you know what to forge and want to forge it, you might use a command that takes as one of its parameters a "textThatHasToPutInEncodedForm" (name deliberately modified so it is not too easily searchable). Some characters like " and , have to be escaped.
    For example, if you want to pass the following:
    Hi,Iam{"Name"}
    You need to escape it as:
    Hi\,Iam{\"Name\"}
    To test your escaped text, just echo it in your bash.
    Hope it helped.

    Man, you really fucked my noob brain... but that's ok, let's move on. I'm stuck like almost everyone here and maybe my problem is these holy quotation marks. Is it like: {\"eua\":\"boss\"\,\"owner\":\"eua\"}?

    Hail,

    Same here. Hope some "chosen one" could help with one more hint.

  • it's done... haaa... "I know Kungfu"

  • edited January 13

    @vitorgrohs said:

    @crevettedragon said:
    Hi,

    @InsOp said:
    I guess the plaintext parameter gets confused with all those quotation marks. I got slightly upset when I figured that out :anguished:

    Indeed, I ran into the same issue and lost quite some time over something so trivial, so I thought I could head over to the forum and help. Since this is my first post and I don't want to spoil anyone, I'll try to formulate this in a way that people who are not at this stage will not understand (note to moderators: feel free to edit my comment otherwise):

    Once you know what to forge and want to forge it, you might use a command that takes as one of its parameters a "textThatHasToPutInEncodedForm" (name deliberately modified so it is not too easily searchable). Some characters like " and , have to be escaped.
    For example, if you want to pass the following:
    Hi,Iam{"Name"}
    You need to escape it as:
    Hi\,Iam{\"Name\"}
    To test your escaped text, just echo it in your bash.
    Hope it helped.

    Man, you really fucked my noob brain... but that's ok, let's move on. I'm stuck like almost everyone here and maybe my problem is these holy quotation marks. Is it like: {\"eua\":\"boss\"\,\"owner\":\"eua\"}?

    Simple, echo it in your bash to test the escaping (without the trailing question mark, which bash would treat as a glob character):
    echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}
    result:
    {"eua":"boss","owner":"eua"}

    crevettedragon

  • I'm on this challenge and I would like to have some tips WITHOUT reading spoilers.
    Can anybody give some tips here or via PM? I've understood the first video but I'm blocked right now.

    Jugulairel
