I Know Mag1k

@CANC3RMAN said:
Can this challenge be completed with only using burpsuite?

No :slight_smile:

@drtychai can you help me?

@takuma said:
@CANC3RMAN said:
Can this challenge be completed with only using burpsuite?

No :slight_smile:

I didnā€™t use Burp.

can anyone please help me with this problem

could someone help? :frowning:

@crevettedragon said:

@vitorgrohs said:

@crevettedragon said:
Hi,

@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out :anguished:

Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I donā€™t want to spoil anyone Iā€™ll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):

Once you know what to forge and want to forge it you might use a command that takes as one of itā€™s parameter a ā€œtextThatHasToPutInEncodedFormā€ (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{ā€œNameā€}
You need to escape as :
Hi,Iam{"Name"}
To test your escaped text just echo it in you bash.
Hope it helped.

Man, you really fucked my noob brainā€¦ but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?

simple, echo it in your bash to test the escaping :
echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result:
{"eua":"boss","owner":"eua"}

when i put a question (?) after the echo i am getting that question mark back in my result
what is my mistake?

@noman said:

@crevettedragon said:

@vitorgrohs said:

@crevettedragon said:
Hi,

@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out :anguished:

Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I donā€™t want to spoil anyone Iā€™ll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):

Once you know what to forge and want to forge it you might use a command that takes as one of itā€™s parameter a ā€œtextThatHasToPutInEncodedFormā€ (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{ā€œNameā€}
You need to escape as :
Hi,Iam{"Name"}
To test your escaped text just echo it in you bash.
Hope it helped.

Man, you really fucked my noob brainā€¦ but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?

simple, echo it in your bash to test the escaping :
echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result:
{"eua":"boss","owner":"eua"}

when i put a question (?) after the echo i am getting that question mark back in my result
what is my mistake?

Remove the question mark? xD

How to enter (Find the easy pass) Reversing challenge flag to Submit HTB{password}

The b0x was super c00l. Never did something like this! Need a little nudge? I am open to help! Inbox. :slight_smile:

Can someone assist me with the tool. I am struggling to get it cracking.

@ActivateD inbox me if youā€™re still struggling

im stuck with ERROR: All of the responses were identical.
any help pls

please, can anyone help me on this:
ERROR: All of the responses were identical.

Double check the Block Size and try again.

Alrighty my bois! Trying out this cookie monster challenge lol

SOā€¦ I have busted the cookie using techniques demonstrated by ippsec in ā€˜lazyā€™ walkthrough.

Now trying to create create the admin cookie. After busting the cookie tho. I got some plaintext in the form of javascriptā€¦ um wut??

I dont know how to use that javascript lol.

Pay attention to the number of encryption blocks!!! ;D

Last hint for everyone hehehe

Should I really be using plaintext?? XDD

Alsoā€¦ is the admin user ā€˜adminā€™?

hehe good luck all just solved this ā– ā– ā– ā–  took me all god daum day stupid oraclesā€¦

@fl337 said:
Last hint for everyone hehehe

Should I really be using plaintext?? XDD

Alsoā€¦ is the admin user ā€˜adminā€™?

hehe good luck all just solved this ā– ā– ā– ā–  took me all god daum day stupid oraclesā€¦

PlainText is necessary, or not?

Tried different users and roles in the encrypted cookie, but canā€™t inject it. What do i miss?

@drtychai said:
Just finished this chall. Feel free to PM me for a nudge.

I PM-ed youā€¦ quiet thoā€¦ :frowning:

my padbuster hangs in

INFO: Starting PadBuster Decrypt Mode
*** Starting Block 1 of 4 ***

INFO: No error string was providedā€¦starting response analysis

do I have to wait hours for this to complete?