Grammar

Thanks that helped a lot, onto the next part of the challenge :stuck_out_tongue:

I have been stuck on the second part of this challenge for days now. I have found what there is to find in the cookie itself, decoded it and seen the structure. Upon re-encoding I see that there is almost a checksum of sorts that is being used.

What I am struggling with is figuring out what this checksum is and how it works regarding the other parts of the cookie. Can I PM someone about a hint, or even just to bounce ideas off of?

Hey HTB members :slight_smile:
Seems like I ran out of options. I’ve tried to enumerate/bruteforce directories with no luck.
Any recommended wordlist to use in this case?

@cyborg said:
Hey HTB members :slight_smile:
Seems like I ran out of options. I’ve tried to enumerate/bruteforce directories with no luck.
Any recommended wordlist to use in this case?

/ is not the right way. Use the default page at php

Can anyone give a hint about the cookie? Which way is real?

  • bypass MAC (example, “MAC”:“None”) or other flaws
  • need to enumerate algorithm of signature (example, username:isadmin admin:True)
  • it is a known vulnerability (example, padding oracle)

Help pls:)

Spoiler Removed - Arrexel

@mrschyte said:
Spoiler Removed - Arrexel

Thanks! I didn’t exploit this issue yet, it will be a great experience

Still cannot figure out what to do with this challenge :frowning: According to r2d2, I have to bruteforce directories from the default PHP configuration which is not at /. I tried to brute force using dirb directories without any fruitful information. Can anybody guide me to get my foot in front of the door? Thanks :tired_face:

@Linoge said:
Still cannot figure out what to do with this challenge :frowning: According to r2d2, I have to bruteforce directories from the default PHP configuration which is not at /. I tried to brute force using dirb directories without any fruitful information. Can anybody guide me to get my foot in front of the door? Thanks :tired_face:

You don’t need to brute force anything. You’ll need to send a specific type of HTTP request to the default PHP page in order to get to the next step of the challenge.

watch the video

I feel like I have been stuck halfway through this challenge for going on 4 days now. I have the cookie, tried decode/encode, made every form of request I can think of and I’m not making any headway. Clearly I am overthinking something here. Any clues as to what I should be focusing on?

think m0re !

HMAC, am I on the right track?

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

This is my first post, I’m still stuck on getting past/finding the correct page that’s not a 403 error…
Someone stated it’s not brute forced and you need to send a special HTTP request… I’m totally lost here. I tried dirb at index.php and a few other content discovery techniques with no luck… I watched the video too, no help there except lots of buzz words causing me confusion…

Help would be greatly appreciated, or message me. Thanks,

Can anyone DM me?
I know everything except how to alter the sig hash. BTW, I tested if it’s vuln to some PHP unsafe comparisons

Spoiler Removed - Arrexel

I do have the same issue as slawill. I don’t know how to abuse the juggling vulnerability. I tried using names to get something “zero-like” on the MAC, but I don’t think this is the right way, is it? Can someone push me in the right direction? Please DM me or answer here.

Someone that can help me out? Pls PM

@slawill said:
Spoiler Removed - Arrexel

I’m stuck in the same place, does anyone have any suggestions on how to continue?