I Know Mag1k

Hi guys,
For months now I’ve struggled on this challenge. The main issue is I’ve encrypted the cookie to something related to the admin page, fired Burp so I can send the request, but I got a massive roadblock. I seem to be redirected back to the user page. Please can one of you amazing hackers help a bro out?

Much Appreciated :slight_smile:

@bkmstar, I have solved it. I can provide some guidance if needed. DM me.

To others that solved it without hints, how did you know what direction to take and tool to use? I would be interested in hearing your approach. Thanks.

@likwidsec said:

@beginner2010 said:
All hints can be found here:) Just read all posts and you will get flag for sure:)

What this guy means is “All spoilers can be found here - read all the posts and you will have the answer handed to you and not learn a single thing from this challenge”

Fixed that for ya.

I know this is an old comment, but I literally see you on every thread crying about spoilers. LOL cry more

I solved this challenge fack fack fack :slight_smile:
A hint … the same tool to find the vulnerability, test the exploit, apply the exploit

Resolved

Hey… any of you noticed this challenge awarding only 5 points? I’m a bit confused since it said 50 points at the HTB web portal… Maybe I just don’t understand how points work… :confused:

EDIT: Nevermind… I read how it works hehe

Thanks a lot to @quas, he helped me in the last step to get the flag.

Can someone help with encrypting the payload, please?

what follows the next ! mark had me stuck for days… ! ’ Hope it helps.

I solved my problem;

I hope it is not a spoiler. Somebody else getting this?
[+] Success: (16/256) [Byte 8]
[+] Success: (51/256) [Byte 7]
ERROR: 500 Can’t connect to docker.hackthebox.eu:37344 (Connection refused)
Retrying in 10 seconds…

EDIT: It was a mobile net issue. The 500s are gone on a stable net.

Syntax and correct escaping are crucial. Hours lost because of that.

Spoiler Removed

I am a sophomore student who is new to hacking. I completed HDC with only a slight nudge back on the right track, but for this I am clueless as to where I even start or where my goal is. Can anyone provide me with some resources where I can learn the tools I need for this challenge? I do not need hints, I want to learn how to do this but I don’t know what I need to learn.

@Volkyz said:

Sup everybody, I have decrypted the thing and all of that, but when I encrypt it back it doesn’t work. I tried pretty much every combination. Any help would be appreciated… I’m really struggling with this. Thanks!

EDIT: Nvm, I got it

What program did you use for decrypting?

Hi, I’m stuck… I’m a beginner here and I need some help… tried some stuff with Burp Suite, tried SQL injection but it doesn’t work… can anyone help me?

Thanks!!

I could use some help on how to approach the challenge. I’ve tried a bunch of stuff but nothing seems to work, I’m starting to get frustrated.

@PAH said:

I could use some help on how to approach the challenge. I’ve tried a bunch of stuff but nothing seems to work, I’m starting to get frustrated.

Same, I had an idea… but yeah, it probably won’t work… I thought you have to bruteforce the PHPSESSID cookie, so just the PHP session. This is maybe possible just through the browser with some JavaScript of your own. Changing the cookie, sending a GET request to the profile.php page and saying: if the response isn’t the login page (that’s what you get if your cookie is invalid), log it to the console or something like that.

But yeah… I don’t know exactly how secure the session is… but I think it’s pretty secure… I heard that in an earlier version of PHP it was 160 bits… so it’ll take forever to bruteforce it… and it may be more secure right now… so it won’t work… Does somebody have ideas?

Hello! I’m new and I’m trying to do this challenge but I’m stuck. Could someone give me a hint?

I’ve decrypted the cookie and modified it, but it doesn’t work. (I tried a lot of different settings but still no success.) Can someone please tell me what I’m doing wrong?

Thanks