I Know Mag1k

Comments

  • Can anybody tell me how to have bit flipping capacity for free? Because I need it to break into but it's only available in Burp Pro...

    Jugulairel

  • Where can I research more about how to solve the "responses were identical" issue?

  • Be careful posting spoilers guys, this thread was full of them. They have all been removed.

    Arrexel

  • hahah got the flag.. fvck this challenge hahah

    Hack The Box

  • I really need a hint about this challenge...I've been trying for days to manipulate "some" value behind cookies to be more than just a user...I really would appreciate HINTS here...

  • @CGonzalo said:
    I really need a hint about this challenge...I've been trying for days to manipulate "some" value behind cookies to be more than just a user...I really would appreciate HINTS here...

    Hi, I'm also at the same point. Pls ping me if you want to share exp.

  • @mirkus @CGonzalo I can also assist if needed.

  • I solved this challenge with jackshd's help. However, I appreciate your willingness to help me, @Scarab!

  • Is this database error (Database Connection Error: SQLSTATE[HY000] [2002] No such file or directory) a real error or part of the challenge?
    I've already looked at the challenge, and believe that the error is new. Am I right, or is it part of it?

    Hack The Box

  • @NicoF2000 This issue is because the port assigned is changed. Reconnect to the challenge and try again.

  • @NicoF2000 PM to me if you want, it happened to me

  • Okay, thank you, working now... But I have no idea how to decode the string, need a hint please ;) I thought it would be a base* encoding but it doesn't seem to be one, which encoding is using the = (%3D)?

    Hack The Box

  • @NicoF2000 said:
    Okay, thank you, working now... But I have no idea how to decode the string, need a hint please ;) I thought it would be a base* encoding but it doesn't seem to be one, which encoding is using the = (%3D)?

    It's URL encoding.

  • Yeah sure, I asked which encoding except base* is using the '=' special character, I also got '/', ...

    Hack The Box

  • So I'm trying to encrypt my {s:tr,i:ng} but for some reason the one I get has some weird characters at the end and the cookies I'm trying to use do nothing..

    Any advice?

  • The user name and cookie are available, can someone point me in the right direction?

  • Hi, I am getting this error during decryption. Help?
    "ERROR: All of the responses were identical.

    Double check the Block Size and try again."

  • @kody17 said:
    Hi, I am getting this error during decryption. Help?
    "ERROR: All of the responses were identical.

    Double check the Block Size and try again."

    You may be using the command in a wrong way.

    Randsec

  • Any tips for solving this challenge? I just solved 'Grammar'. Is it similar to that?

  • Just figured this out. Awesome challenge.

  • I use tools to get the key of the cookie, but error.

    ERROR: All of the responses were identical.

    Double check the Block Size and try again.

    Any idea or hint?

    Pls PM me.

  • I've decrypted the cookie. However when I encrypt the parameters it doesn't do anything. I've tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. Any ideas on what I could be missing?

  • @typhoonsstorm3 said:
    I've decrypted the cookie. However when I encrypt the parameters it doesn't do anything. I've tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. Any ideas on what I could be missing?

    I am in the same spot. Tried to change the other part of the cookie also to True, but no result.

  • @w31rd0 said:

    @typhoonsstorm3 said:
    I've decrypted the cookie. However when I encrypt the parameters it doesn't do anything. I've tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. Any ideas on what I could be missing?

    I am in the same spot. Tried to change the other part of the cookie also to True, but no result.

    I'm also stuck here.

    Largoat

  • Got it. Was an error on my part.

    Largoat

  • Can anyone help me? I've tried the bitflipping with Burp Suite grepping the username on profile, but the problem is that I don't get an error and so I'm not able to enumerate the users to find others.
    Can anyone give me a hint or PM me?

  • edited May 2018

    Spoiler Removed - Arrexel

  • edited May 2018

    Spoiler Removed - Arrexel

  • Hi, can someone PM me with a hint?
    I got the cookie and decoded it....
    Not sure what I'm doing wrong in the next step...