Help with I know mag1k

Challenge: I know mag1k

Hi Guys! Can anybody dm me with some hint?

I think I figured out which technique should be used. Researched some tool to achieve exploitation, but the decrypted cookie is still not meaningful (or at least seems to be).
Tagged:

Comments

  • I have also problem i am encrypting the cookie but still i when i submit i get my user profile.

  • @Spacessd said:
    I have also problem i am encrypting the cookie but still i when i submit i get my user profile.

    any hint how to decode the cookie ??

  • read the "tool" --help more

    Mist0

  • @Spacessd said:
    I have also problem i am encrypting the cookie but still i when i submit i get my user profile.

    well i encrypt it , and im stuck same as you .. did you have any luck !?

  • In order to solve this challenge, you need to be patient since it will take time and also a little trick. PM me if you want to verify your finding.

  • i am using the "tool" but i can't get the Blocksize, i tried all 5 encoding options and all numbers for blocksize manually. Please help

  • @Gakros said:
    i am using the "tool" but i can't get the Blocksize, i tried all 5 encoding options and all numbers for blocksize manually. Please help

    Yah same to me... anybody know?

  • Is this topic still alive, I'm stuck with encrypting the text. I have tried url encoding the text after encrypting. Tried the encrypted text on burp repeater but I'm still logged in as user. I just need a push in the right direction
  • I'm on this challenge too, but i'm stuck with choosing the cookie to bust, and using the tool in general

  • Can someone please PM me? I'm gonna lose it. I found the plaintext form, changed it to the right value and encrypted it again. But when I try to inject the manually created cookie, I still redirect to my own page, instead of admin!

  • edited December 2018

    dont use plaintext argument to encode, for me it never worked and dont forget quotation marks

    peek

  • edited December 2018

    @peek said:
    dont use plaintext argument to encode, for me it never worked and dont forget quotation marks

    This enlightened me.

    Solved! :)

  • Can someone PM me pls.. I tried encrypting the code i got but no luck.

    -Thanks

  • @peek said:
    dont use plaintext argument to encode, for me it never worked and dont forget quotation marks

    plaintext is for encode or encrypt? im stuck on the same point... i tried differents ways to encrypt the cookie but i'm still in "normal" profile page. Can someone help me?
    Thanks :)

  • edited January 6

    who want to hint this challenge? pm me.

  • awesome challenge, pm if need help

Sign In to comment.