Hey all,
I have been poking this challenge for a few days now. I have created users and attempted to enumerate more users. I can see that the SIPS 0.2.2 vulnerability (username enumeration) is present, but I cannot seem to exploit it.
Can anyone give me a hint?
Thanks
Comments
Spoiler Removed - Arrexel
Spoiler Removed - Arrexel
Look into crypto tools that involve making requests to the server, I don't think you can perform this attack manually very easily.
Would you have any to recommend? Something like Burp?
It's almost like there's some sort of ... pad ... that needs ... busted ...?
IppSec made a video about that, can't remember which one, I guess on Lazy.
Haha yes that's the one I found earlier today. Just got this tool running and got some interesting feedback
Thanks for your input!
I'm not having any difficulty "busting" the cookie. However, I do need a little bit of a push regarding how to reach the administrator account.
Spoiler Removed - Arrexel
Well, I'm blocked too. I have a new valid token (200 OK) with a relevant role, but the substitution doesn't work (nothing else happens). However, I suspect my token is invalid; this is the first time I have used this tool. So I don't know whether I have to push my research elsewhere or fix my mess. Any tips?
@r00tbeer said:
My problem is finding the relevant login. The oracle is not much of a problem for me. Need a push on that.
hint: very very very good
Spoiler Removed - Arrexel
I managed to "bust" the cookie too. I seem to have trouble manipulating it to become "an" admin or become "the" admin. Guys, any hints towards that?
Hey Everyone.
I tried to use the SPOILER and I had this result (I don't know if it is a spoiler or not, sorry if it is a spoiler):
SPOILER
Anybody find this result?
That's the direction?
Anybody have another cool hint?
Thanks dudes
Spoiler Removed - Arrexel
https://www.hackthebox.eu/profile/18655
use encoded base and add some padding.
You're serious right now?? How do you seriously say "I don't know if this is a spoiler or not" ?? You basically just gave anyone who has no idea how to get to this point half of the challenge for free. This is a huge spoiler... This much information should never be posted on ANY challenge/machine that isn't retired ... Wow..
Quoted Spoiler Removed - Arrexel
Another huge spoiler. Having taken a decent amount of time and significant effort to learn the methodology in this attack myself ... It's honestly pretty shitty to see someone just put it all out there like this ...
I've "busted" the admin cookie too but I can't use it to connect as admin. Whatever padding I try, I just get 500. Any hints about that? I'm hard stuck.
Spoiler Removed - Arrexel
All hints can be found here :) Just read all the posts and you will get the flag for sure :)
What this guy means is "All spoilers can be found here - read all the posts and you will have the answer handed to you and not learn a single thing from this challenge"
Fixed that for ya.
Spoiler Removed - Arrexel
Man, you really fucked my noob brain... but that's ok, let's move on. I'm stuck like almost everyone here and maybe my problem is these holy quotation marks. Is it like: {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
Hail,
Same here. Hope some "chosen one" could help with one more hint.
It's done... haaa... "I know Kung Fu"
Simple, echo it in your bash to test the escaping (the trailing "?" belonged to the question, not to the value):
echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}
result:
{"eua":"boss","owner":"eua"}
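The thread hints at the two halves of the technique without ever showing them together: a padding oracle on a CBC-encrypted cookie lets you decrypt the cookie (the "busting" step), and the same oracle lets you forge a cookie for any plaintext you choose, escaping and all (the step several posters are stuck on). The script below is an added example written for this page, not code from the thread, from padbuster, or from the challenge. It runs against a local oracle so it works offline: the block cipher is a toy 4-round Feistel network keyed with HMAC-SHA256 rather than AES, which is an assumption made only to stay in the standard library; the attack code never touches the cipher, only the padding check, so it is identical for AES-CBC. The key, IV and the JSON cookie format ({"user":"guest"} / {"user":"admin"}) are constructed for the demo and are not the challenge's.

```python
"""Padding-oracle decrypt and forge against a local CBC oracle (added example)."""
import hashlib
import hmac

BLOCK = 16   # block size in bytes (same as AES)
ROUNDS = 4   # rounds of the toy Feistel cipher standing in for AES


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function: 8 bytes of HMAC-SHA256 over (round number, half block)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")          # this is what leaks as a 500
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)                    # token layout: IV || C1 || ... || Cn


def cbc_decrypt(key, token):
    if len(token) % BLOCK or len(token) < 2 * BLOCK:
        raise ValueError("bad length")
    blocks = [token[i:i + BLOCK] for i in range(0, len(token), BLOCK)]
    pt = b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return pkcs7_unpad(pt)


SERVER_KEY = b"constructed-demo-key"   # assumption: server secret, never seen by the attacker
DEMO_IV = b"constructed-iv!!"          # constructed 16-byte IV for the sample cookie


def padding_oracle(token):
    """Stand-in for the remote check: True where the server would answer 200, False for 500."""
    try:
        cbc_decrypt(SERVER_KEY, token)
        return True
    except ValueError:
        return False


def recover_intermediate(oracle, block):
    """Recover D_k(block) one byte at a time, at most 256 oracle queries per byte."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padv = BLOCK - pos                        # padding value we are trying to produce
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):           # already-known bytes are set to yield padv
            forged[j] = inter[j] ^ padv
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + block):
                continue
            if pos == BLOCK - 1:
                # A hit on the last byte may be a longer pad such as 02 02. Flip the byte to
                # its left and re-query: only a genuine 01 pad survives that change.
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + block):
                    continue
            inter[pos] = guess ^ padv
            break
        else:
            raise RuntimeError("no valid padding found; is this really a padding oracle?")
    return bytes(inter)


def oracle_decrypt(oracle, token):
    """'Bust' a token: plaintext block i is D_k(Ci) XOR C(i-1), with C0 the IV."""
    blocks = [token[i:i + BLOCK] for i in range(0, len(token), BLOCK)]
    pt = b"".join(_xor(recover_intermediate(oracle, c), p) for p, c in zip(blocks, blocks[1:]))
    return pkcs7_unpad(pt)


def oracle_encrypt(oracle, plaintext):
    """Forge IV||ciphertext that decrypts to plaintext, built from the last block backwards."""
    padded = pkcs7_pad(plaintext)
    pblocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    cblocks = [bytes(BLOCK)]                      # the final ciphertext block can be anything
    for p in reversed(pblocks):                   # C(i-1) = D_k(Ci) XOR Pi; the last one is the IV
        cblocks.insert(0, _xor(recover_intermediate(oracle, cblocks[0]), p))
    return b"".join(cblocks)


if __name__ == "__main__":
    cookie = cbc_encrypt(SERVER_KEY, DEMO_IV, b'{"user":"guest"}')
    print("recovered:  ", oracle_decrypt(padding_oracle, cookie))
    forged = oracle_encrypt(padding_oracle, b'{"user":"admin"}')
    print("server sees:", cbc_decrypt(SERVER_KEY, forged))
```

Two points this makes concrete for the discussion above. First, the forged token is not the original cookie with a block swapped; every block including the IV is recomputed from the oracle, which is why substituting a single "busted" value into an existing cookie does nothing. Second, the plaintext handed to oracle_encrypt is exact bytes, so the quotation marks in the JSON have to survive whatever shell or tool wrapper you pass them through; the echo test in the post above is the right way to confirm that before spending thousands of oracle queries on a mis-escaped string.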
I'm on this challenge and I would like to have some tips WITHOUT reading spoilers.
Can anybody give some tips here or via PM? I've understood the first video but I'm blocked right now.