I Know Mag1k

Hey all,

I have been poking this challenge for a few days now. I have created users and attempted to enumerate more users. I can see that the SIPS 0.2.2 vulnerability (username enumeration) is present, but I cannot seem to exploit it.

Can anyone give me a hint?

Thanks

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

Look into crypto tools that involve making requests to the server; I don’t think you can perform this attack manually very easily.

Would you have any to recommend? Something like Burp?

It’s almost like there’s some sort of … pad … that needs … busted …?

IppSec made a video about that, can’t remember which one, I guess on Lazy

Haha yes that’s the one I found earlier today. Just got this tool running and got some interesting feedback =)
Thanks for your input!

I’m not having any difficulty “busting” the cookie. However, I do need a little bit of a push regarding how to reach the administrator account.

Spoiler Removed - Arrexel

Well, I’m blocked too. I have a new valid token (200 OK 🙂) with a relevant role, but the substitution doesn’t work (nothing else happens). However, I suspect my token is invalid; this is the first time I have used this tool. So I don’t know if I have to push my research elsewhere or if I have to fix my mess. Any tips?

@r00tbeer said:

I would suggest looking up ‘SPOILER’.

My problem is finding the relevant login. Oracle is not much of a problem for me. Need a push at that.

hint: very very very good

Spoiler Removed - Arrexel

@Omnisec said:
I’m not having any difficulty “busting” the cookie. However, I do need a little bit of a push regarding how to reach the administrator account.

I managed to “bust” the cookie too. I seem to have trouble manipulating it to become “an” admin or become “the” admin. Guys, any hints towards that?

Hey Everyone.

I tried to use the SPOILER and I had this result (I don’t know if it is a spoiler or not, sorry if it is a spoiler):

SPOILER

Did anybody find this result?

Is that the direction?

Does anybody have another cool hint?

Thanks dudes

Spoiler Removed - Arrexel

Use encoded base and add some padding.

@PauloBeckk said:
Spoiler Removed - Arrexel

You’re serious right now?? How do you seriously say “I don’t know if this is a spoiler or not” ?? You basically just gave anyone who has no idea how to get to this point half of the challenge for free. This is a huge spoiler… This much information should never be posted on ANY challenge/machine that isn’t retired … Wow…