I Know Mag1k

@drtychai said:
Just finished this chall. Feel free to PM me for a nudge.

Thank you for your big help and “wasting” your valuable time to help me with a problem.
I do appreciate that! Thx.

I really enjoyed this challenge. It did have some tricky parts.
Ok to DM me if anyone hits a wall and needs a sanity check / guidance.

Spoiler Removed - Arrexel

Hi,
So I got stuck with this one.

I’m busting the cookie but got stuck with this response.
ERROR: All of the responses were identical.

Can someone PM me and point me in the right direction? Will be much appreciated!

Figured it out, Thanks!

Got it FINALLY. It was hard but I learned a ton.

@Concr3ta said:
Figured it out, Thanks!

I think we’re following each other :smile:

Hi, is the PHPSESSID cookie brute-force attack the right way?

You don’t have to brute-force anything.

Hello

@jackshd said:
you don’t have to brute-force anything

I solved this challenge. Thank you for spending your valuable time to help me with a problem. I do appreciate that!

Wow that was cool! Once I found the right tool, it was fairly straightforward. The second part tripped me up because I also got “ERROR: All of the responses were identical”, but I removed the extra parameters I had added that time and it worked after doing the whole long process again.

To get the tool to work, you just have to fiddle with the options and ensure you’re including everything you need to. If you’ve never used the tool, take some time to actually research the actual attack/vuln as well, as it’s pretty interesting.

Can anyone help me with the type of decryption or encryption this is?

Guys, may I ask you something? I tried to use Burp Sequencer. I turn intercept on, I press login (with correct username and password), but when I press Action -> Send to Sequencer and then click Start live capture, I get no tokens for some reason (on token location I have: iknowmag1k=etc).

@Largoat
I’m also stuck on how to encrypt the plaintext cookie. How did you solve it?

@Spacessd said:
Guys, may I ask you something? I tried to use Burp Sequencer. I turn intercept on, I press login (with correct username and password), but when I press Action -> Send to Sequencer and then click Start live capture, I get no tokens for some reason (on token location I have: iknowmag1k=etc).

It is because you have PHPSESSID in the Cookie. Just remove it and Sequencer will be able to capture tokens.
But I am not sure what to do with those, as I used a tool for pad busting and successfully decoded the cookie, but got stuck after this point until I realized that I must escape from this :D

The most difficult part for me was finding the right tool. The other steps are pretty simple.

@godexmachine said:
The most difficult part for me was finding the right tool. The other steps are pretty simple.

Can you help me? I decoded the cookie and I created the admin one. I have tried to put it in the request but no luck yet!!

I need some help please. I have decrypted the thing that needs to be decrypted and got back {“user”:“XXX”,“role”:“XXX”}. Then when I re-encrypt that value and inject it, it doesn’t work. I have tried different user account types and roles. What am I missing?

jamesgreen, you are doing well. Look at the number of blocks when you want to encrypt the new one! You will relate things together!