@r00tbeer said:
I would suggest looking up ‘SPOILER’.
My problem is finding the relevant login. Oracle is not much of a problem for me. Need a push at that.
hint: very very very good
Spoiler Removed - Arrexel
@Omnisec said:
I’m not having a difficulty while “busting” the cookie. However, I do need a little bit of push regarding how to reach the administrator account?
I managed to “bust” the cookie too. I seem to have trouble manipulating it to become “an” admin or become “the” admin. Guys, any hints towards that?
Hey Everyone.
I tried to use the SPOILER and I had this result (I don’t know if it is a spoiler or not, sorry if it is a spoiler):
SPOILER
Did anybody find this result?
Is that the direction?
Does anybody have another cool hint?
Thanks dudes
Spoiler Removed - Arrexel
use encoded base and add some padding.
@PauloBeckk said:
Spoiler Removed - Arrexel
You’re serious right now?? How do you seriously say “I don’t know if this is a spoiler or not” ?? You basically just gave anyone who has no idea how to get to this point half of the challenge for free. This is a huge spoiler… This much information should never be posted on ANY challenge/machine that isn’t retired … Wow…
Quoted Spoiler Removed - Arrexel
Another huge spoiler. Having taken a decent amount of time and significant effort to learn the methodology in this attack myself … It’s honestly pretty shitty to see someone just put it all out there like this …
I’ve “busted” the admin cookie too but I can’t use it to connect as admin. Whatever padding I try I just get 500. Any hints about that? I’m hard stuck.
Spoiler Removed - Arrexel
All hints can be found here:) Just read all posts and you will get flag for sure:)
@beginner2010 said:
All hints can be found here:) Just read all posts and you will get flag for sure:)
What this guy means is “All spoilers can be found here - read all the posts and you will have the answer handed to you and not learn a single thing from this challenge”
Fixed that for ya.
Spoiler Removed - Arrexel
@crevettedragon said:
Spoiler Removed - Arrexel
Man, you really fucked my noob brain… but that’s OK, let’s move on. I’m stuck like almost everyone here and maybe my problem is these holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?
@vitorgrohs said:
@crevettedragon said:
Hi,
@InsOp said:
I guess the plaintext parameter gets confused with all those quotation marks. I got slightly upset when I figured that out
Indeed I ran into the same issue and lost quite some time over something so trivial, so I thought I could head over to the forum and help. Since this is my first post and I don’t want to spoil anyone, I’ll try and formulate this in a way people that are not at this stage will not understand (note to moderators: feel free to edit my comment otherwise):
Once you know what to forge and want to forge it, you might use a command that takes as one of its parameters a “textThatHasToPutInEncodedForm” (name voluntarily modified not to be searchable too easily). Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{"Name"}
You need to escape it as:
Hi\,Iam{\"Name\"}
To test your escaped text just echo it in your bash.
Hope it helped.
Man, you really fucked my noob brain… but that’s OK, let’s move on. I’m stuck like almost everyone here and maybe my problem is these holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?
Hail,
Same here. Hope some “chosen one” could help with one more hint.
it’s done… haaa… “I know Kungfu”
simple, echo it in your bash to test the escaping :
echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result:
{"eua":"boss","owner":"eua"}
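Why the escaping discussed in the posts above matters, as an added example that is not from any poster in the thread: the shell rewrites an unquoted JSON string before the receiving program sees it. The function names and the sample payload are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample payload, same shape as the JSON quoted in the thread.
WANT='{"eua":"boss","owner":"eua"}'

# show_args: report exactly what a program receives as its arguments:
# the argument count, then each argument wrapped in [ ].
show_args() {
    printf '%d' "$#"
    for a in "$@"; do
        printf ' [%s]' "$a"
    done
    printf '\n'
}

# 1. Unquoted: the shell removes the double quotes, and bash additionally
#    brace-expands on the unescaped comma. The program never sees the JSON.
unquoted() { show_args {"eua":"boss","owner":"eua"}; }

# 2. Backslash-escaped, the form used in the thread: every " and , is
#    taken literally, so the text arrives intact as a single argument.
escaped() { show_args {\"eua\":\"boss\"\,\"owner\":\"eua\"}; }

# 3. Single-quoted: nothing inside '...' is interpreted by the shell, so
#    no per-character escaping is needed (unless the text contains a ').
single_quoted() { show_args '{"eua":"boss","owner":"eua"}'; }

# 4. Held in a variable: the expansion must be double-quoted, otherwise the
#    value is subject to word splitting and globbing.
from_variable() { show_args "$WANT"; }

unquoted
escaped
single_quoted
from_variable
```

Forms 2 to 4 all deliver the same single argument; form 3 is the least error-prone when the text itself contains no single quote.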
I’m on this challenge and I would like to have some tips WITHOUT reading spoilers.
Can anybody give some tips here or via PM? I’ve understood the first video but I’m blocked right now.
Can anybody tell me how to have bit flipping capacity for free? Because I need it to break in but it’s only available in Burp Pro…