ACADEMY: Web Requests - a nudge would be appreciated

taskincomplete · February 12, 2022, 1:32am

thank you!

raff · February 12, 2022, 12:21pm

Hi kons, I didn’t get the logic for hex string in the cookie (admin_xxx). Any tip?

kons · February 12, 2022, 12:24pm

You must replace it by something different than guest_xxxxx. Then encode it URL. Somebody up there in the first posts said very accurately “Guests can be many, but how mnay admins?”

Does it give you a clue?

kons · February 12, 2022, 12:28pm

I had the same feeling, man!

z3r0Day · February 18, 2022, 7:26am

this is solution:
-------> http://64.227.39.89:31203/flag.php?num1=0&num2=1337

kneehighskii · February 19, 2022, 8:39am

Enter admin/password as user_name and password
→Go to page of “admin_xxxxxxxx”
→Not “admin” page!!
→"admin" and “admin_xxxxxxxx” are diffrent user!!

So, you need to go to “admin” page.

Cookie, acquired by enter admin/password, belongs to “admin_xxxxxxxx”.

You should get Cookie for “admin”.

Try to decode some Cookies, to find regularity!!

Good luck!!

benardotom · February 1, 2023, 7:11am

Worked here for me

Topic		Replies	Views
Problem with POST Web Request Module in Academy Off-topic	5	1007	February 10, 2021
Is there anything to get from the POST requests module? Machines beginner , web , post , academy , htb-academy	0	451	April 9, 2021
Module: Using Web Proxies - SubTopic:Burp Intruder Academy academy	4	663	January 4, 2025
POST Method: Cookie Manipulation Challenges cookie , post-method	1	1471	May 2, 2021
SQLMap Essentials Skills Assessment Academy	9	1363	December 14, 2024

ACADEMY: Web Requests - a nudge would be appreciated

Related topics