I really need a hint about this challenge...i've been trying for days to manipulate "some" value behind cookies to be more than just a user...i really would appreciate HINTS here...
@CGonzalo said:
I really need a hint about this challenge...i've been trying for days to manipulate "some" value behind cookies to be more than just a user...i really would appreciate HINTS here...
hi also at the same point. pls ping me if you want to share exp.
Is this database error (Database Connection Error: SQLSTATE[HY000] [2002] No such file or directory) an real error or part of the challenge?
I've already looked at the challenge, and believe that the error is new. Am I right, or is it part of it?
Okay, thank you working now... But I'm have no idea how to decode the string, need a hint please I thought it would be a base* encoding but it doesn't seams to be one, which encoding are using the = (%3D)?
@NicoF2000 said:
Okay, thank you working now... But I'm have no idea how to decode the string, need a hint please I thought it would be a base* encoding but it doesn't seams to be one, which encoding are using the = (%3D)?
So I'm trying to encrypt my {s:tr,i:ng} but for some reason the one i get has some weird characters at the end and the cookies I'm trying to use does nothing..
I've decrypted the cookie. However when I encrypt the parameters it doesn't do anything. I've tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. And ideas on what I could be missing?
@typhoonsstorm3 said:
I've decrypted the cookie. However when I encrypt the parameters it doesn't do anything. I've tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. And ideas on what I could be missing?
I am on the same spot. tried to change the other part of the cookie also to True. but no result
@typhoonsstorm3 said:
I've decrypted the cookie. However when I encrypt the parameters it doesn't do anything. I've tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. And ideas on what I could be missing?
I am on the same spot. tried to change the other part of the cookie also to True. but no result
Can anyone help me? i've tried the bitflipping with burpsuite grepping the username on profile, but the problem is that i don't get error and so i'm not able to enumerate the users to find others.
Can anyone give me a hint or PM me?
Comments
Anybody can tell me how to have bit flipping capacity for free ? Because i need it to break into but it's only available in burp pro ..
where can i research more about how to solve the responses were indentical issue?
Be careful posting spoilers guys, this thread was full of them. They have all been removed.
hahah got the flag.. fvck this challenge hahah
I really need a hint about this challenge...i've been trying for days to manipulate "some" value behind cookies to be more than just a user...i really would appreciate HINTS here...
hi also at the same point. pls ping me if you want to share exp.
@mirkus @CGonzalo pm me if needed
@mirkus @CGonzalo I can also assist if needed.
I solved this challenge with jackshd help. However i appreciate your attitude for help me @Scarab!
Is this database error (Database Connection Error: SQLSTATE[HY000] [2002] No such file or directory) an real error or part of the challenge?
I've already looked at the challenge, and believe that the error is new. Am I right, or is it part of it?
@NicoF2000 This issue is because the port assigned is changed. Reconnect to the challenge and try again.
@NicoF2000 PM to me if you want, it happened to me
Okay, thank you working now... But I'm have no idea how to decode the string, need a hint please
I thought it would be a base* encoding but it doesn't seams to be one, which encoding are using the = (%3D)?
its url encoding
Year sure, I asked which encoding except base* is using the '=' special character, I also got '/', ...
So I'm trying to encrypt my {s:tr,i:ng} but for some reason the one i get has some weird characters at the end and the cookies I'm trying to use does nothing..
Any advice?
The user name and cookie is available, can someone point me in the right directions.
Hi, I am getting this error during decryption. Help?
"ERROR: All of the responses were identical.
Double check the Block Size and try again."
You may be using the command in a wrong way.
Any tips for solving this challenge? I just solved 'Grammar'. Is it similar to that?
Just figured this out. Awesome challenge.
i use tools to get the key of the cookie,but error.
ERROR: All of the responses were identical.
Double check the Block Size and try again.
any idea or Hint ?
Pls PM me/
I've decrypted the cookie. However when I encrypt the parameters it doesn't do anything. I've tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. And ideas on what I could be missing?
I am on the same spot. tried to change the other part of the cookie also to True. but no result
I'm also stuck here.
Got it. Was an error on my part.
Can anyone help me? i've tried the bitflipping with burpsuite grepping the username on profile, but the problem is that i don't get error and so i'm not able to enumerate the users to find others.
Can anyone give me a hint or PM me?
Spoiler Removed - Arrexel
Spoiler Removed - Arrexel
Hi, can someone PM me with a hint?
I got the cookie and decoded....
Not sure what im doing wrong in next step ...