I Know Mag1k

1356

Comments

  • Just finished this chall. Feel free to PM me for a nudge.

    drtychai

  • @drtychai said:
    Just finished this chall. Feel free to PM me for a nudge.

    Thank you for your big help and "wasting" your valuable time to help me with a problem.
    I do appreciate that! Thx.

  • I really enjoyed this challenge. It did have some tricky parts.
    Ok to DM me if anyone hits a wall and needs a sanity check / guidance.

  • edited May 2018

    Spoiler Removed - Arrexel

  • Hi,
    So I got stuck with this one.

    I'm busting the cookie but got stuck with this response.
    ERROR: All of the responses were identical.

    Can someone PM me and point me in the right direction? Will be much appreciated!

  • Figured it out, Thanks!

  • Got it FINALLY. It was hard but I learned a ton.

  • @Concr3ta said:
    Figured it out, Thanks!

    I think we're following each other :smile:

  • edited June 2018

    hi, IS the PHPSESSID cookie brute-force attack right way?

  • you don't have to brute-force anything

  • edited June 2018

    hello> @jackshd said:

    you don't have to brute-force anything]

    I solve this challenge. Thank you for spending your valuable time to help me with a problem. I do appreciate that!

  • Wow that was cool! Once I found the right tool, it was fairly straightforward. The second part tripped me up because I also got "ERROR: All of the responses were identical", but I removed the extra parameters I had added that time and it worked after doing the whole long process again.

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • To get the tool to work, you just have to fiddle with the options and ensure you're including everything you need to. If you've never used the tool, take some time to actually research the actual attack/vuln as well as it's pretty interesting.

  • can anyone help me the type of decryption or encryption this is?

  • edited July 2018

    Guys may i ask u something?I tried to use burp sequencer.I turn intercept on i press login(with correct username and password) but when i press action->send to sequencer and then after clicking start live capture i get no tokens for some reason( on token location i have : iknowmag1k=etc)

  • @Largoat
    i'm also stuck on how to encrypt the plaintext cookie, how did you solve it ?

  • @Spacessd said:
    Guys may i ask u something?I tried to use burp sequencer.I turn intercept on i press login(with correct username and password) but when i press action->send to sequencer and then after clicking start live capture i get no tokens for some reason( on token location i have : iknowmag1k=etc)

    It is because you have PHPSESSID in Cookie. Just remove it and sequencer will be able to capture tokens.
    But I am not sure, what to do with those, as I used tool for pad busting, succesfully decoded cookie, but got stuck after this point until I realized that I must escape from this:D

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • The most difficult part for me was find right tool. Other steps are pretty simple.

    godexmachine

  • @godexmachine said:
    The most difficult part for me was find right tool. Other steps are pretty simple.

    can help me ,,i decoded the cookie and i creat the admin one ,, i have tried to put in the request but no luck yet !!

  • I need some help please. I have decypted the thing that needs to be decrypted. and got back {"user":"XXX","role":"XXX"} then when I recrypt that value and inject it . it doesn't work. I have tried different user account types and roles. what am I missing?

  • jamesgreen you are doing well ,, look at number of blocks when you want to encrypt the new one ! you will relate things together !

  • @jamesgreen said:
    I need some help please. I have decypted the thing that needs to be decrypted. and got back {"user":"XXX","role":"XXX"} then when I recrypt that value and inject it . it doesn't work. I have tried different user account types and roles. what am I missing?

    Are you using the same encoding technique when encrypting?

    artikrh

  • Can this challenge be completed with only using burpsuite?

  • edited July 2018

    I have completed this challenge on Pentestor labs just to make sure I have the method right. I can't seem to understand why its not working on this.

    Also Artikrh, there are 4 blocks,
    1st block {"X":
    2nd block "user","
    3rd block role":"X
    4th block X"}01010101010

  • @stormy said:
    jamesgreen you are doing well ,, look at number of blocks when you want to encrypt the new one ! you will relate things together !

    ' ' OMG I hate my life, I have done it done . Thanks :)

  • @CANC3RMAN said:
    Can this challenge be completed with only using burpsuite?

    No :)

    I don't have Signature...

  • @drtychai can you help me?

  • > @takuma said:
    > @CANC3RMAN said:
    > Can this challenge be completed with only using burpsuite?
    >
    >
    >
    >
    >
    > No :)

    I didn't use Burp.

    einfallstoll

  • can anyone please help me with this problem

  • could someone help? :(

Sign In to comment.