HTB academy - Skills assessment - Using web proxies -

hey guys, im really stucked in this part of the final skills assessment. once you decode the cookie, you will notice that it is only 31 characters long, which appears to be an md5 hash missing its last character. So, try to fuzz the last character of the decoded md5 cookie with all alpha-numeric characters, while encoding each request with the encoding methods you identified above. (You may use the “alphanum-case.txt” wordlist from Seclist for the payload). the cookie it’s encode with b64 and ascii hex, i tried in several ways attacking with burp, but server response is always 200 ok for every payload. I really don’t know what i’m doing wrong… It’s suppose that if you take the cookie and add a final alphanum to the payload code b64-ascii hex, server will response anything different. any hint, please?

1 Like

I make the same step and I don’t find solution.

Prepare the list of all possible 32char long hashes (31 + a-zA-Z0-9)
Use Burp Intruder to format the list entries (as You wrote encode with b64 and later with ascii hex)
Exploit

I have tried multiple ways to get the flag. It seems that one can get it only by using Burp. (it is also what the hint says)

2 Likes

Did you ever figure it out??? This question is driving me crazy

I got the flag using Burp/ZAP, the flag will be visible using one of those tools. :slight_smile:

I’m stuck too have you figured it out?

if you’re using Burp, it’s all about the payload processing. The hint for the question matches up with an option for payload processing, won’t say much beyond that.

After you have your rules setup, read them out loud just to make sure every step is accounted for :slight_smile:

seams like I can’t do it with zap or? Does someone know how to write your own encoder in zap?

with burp it was pretty easy

Well if you try to put the 88 long cookie in answer won`t work, make a payload encode it in 64 then encode it in hex then start making requests, when you open it in a browser there will be a will be a the flag , green and sparkling :smile:!

I have just cracked it too - and instead of 94 results from that “alphanum-case.txt” that I got in the first place following the “hint”, I made my own list that is just 0-9 a-f A-F and found it amongst the 22

When I ran burp suite all of my hits came back with the 200 OK code. So is there a flag on the page or do I enter the cookie for the answer?

anyone can help me? i’m stuck here

What is the problem? What have you done ?

You are doing it correct, the flag is located under the Response tab in Burp Suite.

2 Likes

I have done everything as it is written in the hint. Unfortunately burp does not encode my md5 prefix but only my placeholder at the ADD position. i don’t get it.

still having no luck with this one at all. Like OP mentions, all my attempts come back with 200 OK

I used burp and I made my own wordlist:
Try letters a-f(individually) and 0-9 individually

Also A-F capital letters

Thanks for the tip. I admittedly did continue to use the wordlist they advised, but I have cracked it.

Essentially in the payload processing section, I didn’t have the rules in the correct order. The decoded cookie wasn’t being encoded essentially, whereas the last character was.

If OP is still trying to work this out. Don’t pay attention to the 200 OK part, that isn’t the change you’re looking for. It’s the page length you are looking out for.

1 Like