I Know Mag1k

Hi, is the PHPSESSID cookie brute-force attack the right way?

you don’t have to brute-force anything

hello

@jackshd said:

you don’t have to brute-force anything

I solved this challenge. Thank you for spending your valuable time to help me with a problem. I do appreciate that!

Wow that was cool! Once I found the right tool, it was fairly straightforward. The second part tripped me up because I also got “ERROR: All of the responses were identical”, but I removed the extra parameters I had added that time and it worked after doing the whole long process again.

To get the tool to work, you just have to fiddle with the options and ensure you’re including everything you need to. If you’ve never used the tool, take some time to actually research the actual attack/vuln as well, as it’s pretty interesting.

Can anyone help me with the type of decryption or encryption this is?

Guys, may I ask you something? I tried to use Burp Sequencer. I turn intercept on, I press login (with correct username and password), but when I press Action -> Send to Sequencer and then click Start live capture, I get no tokens for some reason (on token location I have: iknowmag1k=etc).

@Largoat
I’m also stuck on how to encrypt the plaintext cookie, how did you solve it?

@Spacessd said:
Guys, may I ask you something? I tried to use Burp Sequencer. I turn intercept on, I press login (with correct username and password), but when I press Action -> Send to Sequencer and then click Start live capture, I get no tokens for some reason (on token location I have: iknowmag1k=etc).

It is because you have PHPSESSID in Cookie. Just remove it and sequencer will be able to capture tokens.
But I am not sure what to do with those, as I used a tool for pad busting and successfully decoded the cookie, but got stuck after this point until I realized that I must escape from this :D

The most difficult part for me was finding the right tool. The other steps are pretty simple.

@godexmachine said:
The most difficult part for me was finding the right tool. The other steps are pretty simple.

Can you help me? I decoded the cookie and I created the admin one. I have tried to put it in the request but no luck yet!!

I need some help please. I have decrypted the thing that needs to be decrypted and got back {"user":"XXX","role":"XXX"}. Then when I re-encrypt that value and inject it, it doesn’t work. I have tried different user account types and roles. What am I missing?

jamesgreen, you are doing well. Look at the number of blocks when you want to encrypt the new one! You will relate things together!

@jamesgreen said:
I need some help please. I have decrypted the thing that needs to be decrypted and got back {"user":"XXX","role":"XXX"}. Then when I re-encrypt that value and inject it, it doesn’t work. I have tried different user account types and roles. What am I missing?

Are you using the same encoding technique when encrypting?

Can this challenge be completed with only using burpsuite?

I have completed this challenge on PentesterLab just to make sure I have the method right. I can’t seem to understand why it’s not working on this.

Also Artikrh, there are 4 blocks,
1st block {“X”:
2nd block “user”,"
3rd block role":“X
4th block X”}01010101010

@stormy said:
jamesgreen, you are doing well. Look at the number of blocks when you want to encrypt the new one! You will relate things together!

■■■ I hate my life, I have done it. Thanks :)

@CANC3RMAN said:
Can this challenge be completed with only using burpsuite?

No :)

@drtychai can you help me?

@takuma said:
@CANC3RMAN said:
Can this challenge be completed with only using burpsuite?

No :)

I didn’t use Burp.