I Know Mag1k

Quoted Spoiler Removed - Arrexel

Another huge spoiler. Having taken a decent amount of time and significant effort to learn the methodology in this attack myself … It’s honestly pretty shitty to see someone just put it all out there like this …

Ive “busted” the admin cookie too but i cant use it to connect as admin.Whatever padding i try i just get 500. Any hints about that?Im hard stuck

Spoiler Removed - Arrexel

All hints can be found here:) Just read all posts and you will get flag for sure:)

@beginner2010 said:
All hints can be found here:) Just read all posts and you will get flag for sure:)

What this guy means is “All spoilers can be found here - read all the posts and you will have the answer handed to you and not learn a single thing from this challenge”

Fixed that for ya.

Spoiler Removed - Arrexel

@crevettedragon said:
Spoiler Removed - Arrexel

Man, you really fucked my noob brain… but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?

@vitorgrohs said:

@crevettedragon said:
Hi,

@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out :anguished:

Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I don’t want to spoil anyone I’ll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):

Once you know what to forge and want to forge it you might use a command that takes as one of it’s parameter a “textThatHasToPutInEncodedForm” (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{“Name”}
You need to escape as :
Hi,Iam{"Name"}
To test your escaped text just echo it in you bash.
Hope it helped.

Man, you really fucked my noob brain… but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?

Hail,

Same here. Hope some “chosen one” could help with one more hint.

it’s done… haaa… “I know Kungfu”

@vitorgrohs said:

@crevettedragon said:
Hi,

@InsOp said:
i guess the plaintext parameter gets confused with all those quotation marks. i got slightly upset when i figured that out :anguished:

Indeed I ran into the same issue and lost quite some time over something so trivial so I thought I could head over to the forum and help. Since this is my first post and I don’t want to spoil anyone I’ll try and formulate this in a way people that are not to this stage will not understand ( note to moderators: feel free to edit my comment otherwise ):

Once you know what to forge and want to forge it you might use a command that takes as one of it’s parameter a “textThatHasToPutInEncodedForm” (name voluntary modified not to be searchable too easily) . Some characters like " and , have to be escaped.
For example if you want to pass the following:
Hi,Iam{“Name”}
You need to escape as :
Hi,Iam{"Name"}
To test your escaped text just echo it in you bash.
Hope it helped.

Man, you really fucked my noob brain… but thats ok, lets move on. I stucked like almost everyone here and maybe my problem is this holy quotation marks. Is it like: {"eua":"boss","owner":"eua"}?

simple, echo it in your bash to test the escaping :
echo {\"eua\":\"boss\"\,\"owner\":\"eua\"}?
result:
{"eua":"boss","owner":"eua"}

I’m on this challenge and i would like to have some tips WITHOUT reading spoiler.
Can anybody give some tips here or via PM ? I’ve understand the first video but i’m blocked right now.

Anybody can tell me how to have bit flipping capacity for free ? Because i need it to break into but it’s only available in burp pro …

where can i research more about how to solve the responses were indentical issue?

Be careful posting spoilers guys, this thread was full of them. They have all been removed.

hahah got the flag… fvck this challenge hahah

I really need a hint about this challenge…i’ve been trying for days to manipulate “some” value behind cookies to be more than just a user…i really would appreciate HINTS here…

@CGonzalo said:
I really need a hint about this challenge…i’ve been trying for days to manipulate “some” value behind cookies to be more than just a user…i really would appreciate HINTS here…

hi also at the same point. pls ping me if you want to share exp.

@mirkus @CGonzalo pm me if needed

@mirkus @CGonzalo I can also assist if needed.

I solved this challenge with jackshd help. However i appreciate your attitude for help me @Scarab!