I Know Mag1k

@godexmachine said:
The most difficult part for me was find right tool. Other steps are pretty simple.

can help me ,i decoded the cookie and i creat the admin one , i have tried to put in the request but no luck yet !!

I need some help please. I have decypted the thing that needs to be decrypted. and got back {“user”:“XXX”,“role”:“XXX”} then when I recrypt that value and inject it . it doesn’t work. I have tried different user account types and roles. what am I missing?

jamesgreen you are doing well , look at number of blocks when you want to encrypt the new one ! you will relate things together !

@jamesgreen said:
I need some help please. I have decypted the thing that needs to be decrypted. and got back {“user”:“XXX”,“role”:“XXX”} then when I recrypt that value and inject it . it doesn’t work. I have tried different user account types and roles. what am I missing?

Are you using the same encoding technique when encrypting?

Can this challenge be completed with only using burpsuite?

I have completed this challenge on Pentestor labs just to make sure I have the method right. I can’t seem to understand why its not working on this.

Also Artikrh, there are 4 blocks,
1st block {“X”:
2nd block “user”,"
3rd block role":“X
4th block X”}01010101010

@stormy said:
jamesgreen you are doing well , look at number of blocks when you want to encrypt the new one ! you will relate things together !

’ ’ ■■■ I hate my life, I have done it done . Thanks :slight_smile:

@CANC3RMAN said:
Can this challenge be completed with only using burpsuite?

No :slight_smile:

@drtychai can you help me?

@takuma said:
@CANC3RMAN said:
Can this challenge be completed with only using burpsuite?

No :slight_smile:

I didn’t use Burp.

can anyone please help me with this problem

could someone help? :frowning:

@crevettedragon said:

@vitorgrohs said:

@crevettedragon said:
Hi,

@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out :anguished:

Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I don’t want to spoil anyone I’ll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):

Once you know what to forge and want to forge it you might use a command that takes as one of it’s parameter a “textThatHasToPutInEncodedForm” (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{“Name”}
You need to escape as :
Hi,Iam{"Name"}
To test your escaped text just echo it in you bash.
Hope it helped.

Man, you really fucked my noob brain… but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?

simple, echo it in your bash to test the escaping :
echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result:
{"eua":"boss","owner":"eua"}

when i put a question (?) after the echo i am getting that question mark back in my result
what is my mistake?

@noman said:

@crevettedragon said:

@vitorgrohs said:

@crevettedragon said:
Hi,

@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out :anguished:

Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I don’t want to spoil anyone I’ll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):

Once you know what to forge and want to forge it you might use a command that takes as one of it’s parameter a “textThatHasToPutInEncodedForm” (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{“Name”}
You need to escape as :
Hi,Iam{"Name"}
To test your escaped text just echo it in you bash.
Hope it helped.

Man, you really fucked my noob brain… but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?

simple, echo it in your bash to test the escaping :
echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result:
{"eua":"boss","owner":"eua"}

when i put a question (?) after the echo i am getting that question mark back in my result
what is my mistake?

Remove the question mark? xD

How to enter (Find the easy pass) Reversing challenge flag to Submit HTB{password}

The b0x was super c00l. Never did something like this! Need a little nudge? I am open to help! Inbox. :slight_smile:

Can someone assist me with the tool. I am struggling to get it cracking.

@ActivateD inbox me if you’re still struggling

im stuck with ERROR: All of the responses were identical.
any help pls

please, can anyone help me on this:
ERROR: All of the responses were identical.

Double check the Block Size and try again.