@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out
Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I don't want to spoil anyone I'll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):
Once you know what to forge and want to forge it you might use a command that takes as one of it's parameter a "textThatHasToPutInEncodedForm" (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{"Name"}
You need to escape as :
Hi\,Iam{\"Name\"}
To test your escaped text just echo it in you bash.
Hope it helped.
Man, you really fucked my noob brain... but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
simple, echo it in your bash to test the escaping : echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result: {"eua":"boss","owner":"eua"}
when i put a question (?) after the echo i am getting that question mark back in my result
what is my mistake?
@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out
Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I don't want to spoil anyone I'll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):
Once you know what to forge and want to forge it you might use a command that takes as one of it's parameter a "textThatHasToPutInEncodedForm" (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{"Name"}
You need to escape as :
Hi\,Iam{\"Name\"}
To test your escaped text just echo it in you bash.
Hope it helped.
Man, you really fucked my noob brain... but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
simple, echo it in your bash to test the escaping : echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result: {"eua":"boss","owner":"eua"}
when i put a question (?) after the echo i am getting that question mark back in my result
what is my mistake?
Hi guys, im stuck with the reencryption. Can someone give me a nudge?
Edit: Done with this challenge! It was so fun and it gives me a lot to think of! Thank you so much for the HTB team. Anyone who is having a difficulty, feel free to pm me
I'm looking for help on this if anyone is available. I've completed another challenge I found elsewhere online for the same type of vulnerability without issue. I can't get the tool I'm using to work consistently at all, it consistently fails after 10-15 minutes of working. Really time consuming.
I'd appreciate it if anyone could lend a hand =]
Update: I've figured it out. The tool has a setting that really messed with me. I thought I had tried manipulating them all, clearly not enough. Thank god PenTesterLabs has a similar challenge. I never would have figured it out otherwise.
hey i'm trying to bust the cookie but when i use the tool i get the response
"ERROR: All of the responses were identical.
Double check the Block Size and try again."
tried to use the full cookie but couldn't find way to make the syntax pass
received thos ekind of errors
"Encrypted Bytes must be evenly divisible by Block Size (8)
Encrypted sample length is 1. Double check the Encoding and Block Size."
someone can please hint me to the right way?
@jamesgreen said:
I need some help please. I have decypted the thing that needs to be decrypted. and got back {"user":"XXX","role":"XXX"} then when I recrypt that value and inject it . it doesn't work. I have tried different user account types and roles. what am I missing?
Are you using the same encoding technique when encrypting?
I am also wondering why we need to add back slashes. If decoding produced the values it did, why can't we just edit those and re-encode with the -plaintext option? PM if you don't want to spoil, but I want to learn here and figure out what this accomplishes.
Hi guys ,
For months now i’ve struggled on this challenge . The main issue is i’ve encrypted the cookie to something that related to the admin page , fired burp so i can send the request but i got a massive roadblock . I seem to be redirected back to the user page , please can one of you amazing hackers help a bro out 😎
@bkmstar, i have solved it. i can provide some guidance if needed. dm me.
to others that solved it without hints, how did you know what direction to take and tool to use. i would be interested in hearing your approach. thanks
@beginner2010 said:
All hints can be found here:) Just read all posts and you will get flag for sure:)
What this guy means is "All spoilers can be found here - read all the posts and you will have the answer handed to you and not learn a single thing from this challenge"
Fixed that for ya.
I know this is an old comment, but literally see you on every thread crying about spoilers. LOL cry more
Comments
when i put a question (?) after the echo i am getting that question mark back in my result
what is my mistake?
Remove the question mark? xD
How to enter (Find the easy pass) Reversing challenge flag to Submit HTB{password}
The b0x was super c00l. Never did something like this! Need a little nudge? I am open to help! Inbox.
Can someone assist me with the tool. I am struggling to get it cracking.
@ActivateD inbox me if you're still struggling
im stuck with ERROR: All of the responses were identical.
any help pls
please, can anyone help me on this:
ERROR: All of the responses were identical.
Double check the Block Size and try again.
Alrighty my bois! Trying out this cookie monster challenge lol
SO... I have busted the cookie using techniques demonstrated by ippsec in 'lazy' walkthrough.
Now trying to create create the admin cookie. After busting the cookie tho. I got some plaintext in the form of javascript... um wut??
I dont know how to use that javascript lol.
Pay attention to the number of encryption blocks!!! ;D
Last hint for everyone hehehe
Should I really be using plaintext?? XDD
Also.... is the admin user 'admin'?
hehe good luck all just solved this shit took me all god daum day stupid oracles...
PlainText is necessary, or not?
Tried different users and roles in the encrypted cookie, but can’t inject it. What do i miss?
I PM-ed you.. quiet tho..
my padbuster hangs in
INFO: Starting PadBuster Decrypt Mode
*** Starting Block 1 of 4 ***
INFO: No error string was provided...starting response analysis
do I have to wait hours for this to complete?
Hey guys, im stuck on this. Busted, trying to reencrypt, tried escaping, no luck. Please PM me whoever is available
check ur commands
Hi guys, im stuck with the reencryption. Can someone give me a nudge?
Edit: Done with this challenge! It was so fun and it gives me a lot to think of! Thank you so much for the HTB team. Anyone who is having a difficulty, feel free to pm me
Thanks for the great support in this thread
I'm looking for help on this if anyone is available. I've completed another challenge I found elsewhere online for the same type of vulnerability without issue. I can't get the tool I'm using to work consistently at all, it consistently fails after 10-15 minutes of working. Really time consuming.
I'd appreciate it if anyone could lend a hand =]
Update: I've figured it out. The tool has a setting that really messed with me. I thought I had tried manipulating them all, clearly not enough. Thank god PenTesterLabs has a similar challenge. I never would have figured it out otherwise.
Spoiler Removed - Arrexel
I'm so close on this one... can I pm someone to see if I'm on the correct path?
hey i'm trying to bust the cookie but when i use the tool i get the response
"ERROR: All of the responses were identical.
Double check the Block Size and try again."
tried to use the full cookie but couldn't find way to make the syntax pass
received thos ekind of errors
"Encrypted Bytes must be evenly divisible by Block Size (8)
Encrypted sample length is 1. Double check the Encoding and Block Size."
someone can please hint me to the right way?
i am getting this while decrypt cookies
ERROR: All of the responses were identical
some one help me
Probably using the wrong php page.
On my i7 laptop took over 30 min.
I am also wondering why we need to add back slashes. If decoding produced the values it did, why can't we just edit those and re-encode with the -plaintext option? PM if you don't want to spoil, but I want to learn here and figure out what this accomplishes.
Thanks!
For months now i’ve struggled on this challenge . The main issue is i’ve encrypted the cookie to something that related to the admin page , fired burp so i can send the request but i got a massive roadblock . I seem to be redirected back to the user page , please can one of you amazing hackers help a bro out 😎
Much Appreciated
@bkmstar, i have solved it. i can provide some guidance if needed. dm me.
to others that solved it without hints, how did you know what direction to take and tool to use. i would be interested in hearing your approach. thanks
I know this is an old comment, but literally see you on every thread crying about spoilers. LOL cry more