I Know Mag1k

I’ve decrypted the cookie. However, when I encrypt the parameters it doesn’t do anything. I’ve tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. Any ideas on what I could be missing?

@typhoonsstorm3 said:
I’ve decrypted the cookie. However, when I encrypt the parameters it doesn’t do anything. I’ve tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. Any ideas on what I could be missing?

I am in the same spot. I tried to change the other part of the cookie also to True, but no result.

@w31rd0 said:

@typhoonsstorm3 said:
I’ve decrypted the cookie. However, when I encrypt the parameters it doesn’t do anything. I’ve tried many different variations, but now I am quite confused at what I could be doing wrong. I have the tool, I have the {"u":"s","r":"a"} plaintext. Any ideas on what I could be missing?

I am in the same spot. I tried to change the other part of the cookie also to True, but no result.

I’m also stuck here.

Got it. Was an error on my part.

Can anyone help me? I’ve tried the bit flipping with Burp Suite, grepping the username on the profile, but the problem is that I don’t get an error, so I’m not able to enumerate the users to find others.
Can anyone give me a hint or PM me?

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

Hi, can someone PM me with a hint?
I got the cookie and decoded…
Not sure what I’m doing wrong in the next step …

Just finished this chall. Feel free to PM me for a nudge.

@drtychai said:
Just finished this chall. Feel free to PM me for a nudge.

Thank you for your big help and “wasting” your valuable time to help me with a problem.
I do appreciate that! Thx.

I really enjoyed this challenge. It did have some tricky parts.
Ok to DM me if anyone hits a wall and needs a sanity check / guidance.

Spoiler Removed - Arrexel

Hi,
So I got stuck with this one.

I’m busting the cookie but got stuck with this response.
ERROR: All of the responses were identical.

Can someone PM me and point me in the right direction? Will be much appreciated!

Figured it out, Thanks!

Got it FINALLY. It was hard but I learned a ton.

@Concr3ta said:
Figured it out, Thanks!

I think we’re following each other :smile:

Hi, is the PHPSESSID cookie brute-force attack the right way?

You don’t have to brute-force anything.

Hello,

@jackshd said:
You don’t have to brute-force anything.

I solved this challenge. Thank you for spending your valuable time to help me with a problem. I do appreciate that!

Wow that was cool! Once I found the right tool, it was fairly straightforward. The second part tripped me up because I also got “ERROR: All of the responses were identical”, but I removed the extra parameters I had added that time and it worked after doing the whole long process again.