I know Mag1k

Nevermind, the cookies was wrong :confused:

ANyone here who resolved the identical response error

I am stuck here… Any idea/hint someone pls?

You need to use a specific tool to solv this challenge. It would be a spoiler to tell you more…

i use tools to get the key of the cookie,but error.

ERROR: All of the responses were identical.

Double check the Block Size and try again.

any idea or Hint ?

I tried different aproaches to solve this challenge and I get same block size errors as well.

check the syntax of how you are running that tool, dont forget to include the FULL cookie and then the partial cookie you are trying to decrypt. if you guys are having trouble PM me and ill see what i can do

I got the command to run without any errors but I am not sure if I am using the right swiches to ge the right results

H1 i have the key {somethig:sdf,somethingelse:sadf} i dont know how to advance from here, my key has garbage in the end i use and 8 in this

One real magician needs to know the art of escaping.

@SynAckPwn23 said:
One real magician needs to know the art of escaping.

send me a message

I sent a request with the new cookie, the page doesn’t change. Any hints please? :slight_smile:

@null
worked first time for me, did you re-encode the cookie correctly?

Check ipsec lazy video and google oracle padding attack

@Zerathu said:
@null
worked first time for me, did you re-encode the cookie correctly?

I think so.
I didn’t change the numerical parameter for the tool used. Should I change it?

@Afolic said:
Check ipsec lazy video and google oracle padding attack
I did and followed it by the book.

Nah,u dont have to, after u ve gotten how the data is saved on the server then u should know how to encode it, check padbuster help on how to use the encoding option

the ipsec lazy video misses out on a lot of syntax issues that are required to solve this

@Afolic said:
Nah,u dont have to, after u ve gotten how the data is saved on the server then u should know how to encode it, check padbuster help on how to use the encoding option

I read the manual and re-encoded using the p******** parameter. I used this result to replace the initial cookie. I expected it to work but didn’t. Which is why I wrote the quoted text below.

@null said:
I sent a request with the new cookie, the page doesn’t change. Any hints please? :slight_smile:

any nudge will be appreciated here. I got the encrypted value using the tool but replaced it as the second cookie parameter but the login user does not change.

@null @securityNinja Feel free to PM me, if you need further help.