BROKEN AUTHENTICATION [academy]. Bruteforcing Cookies

continent1 · February 5, 2023, 6:22pm

I am stuck on the second part of the question; the rememberme token assignment. I have been looking for hints on the Forum but can’t find any. Are there any additional hints?

The token length seems always to be 26 characters long and they always seem to have lower case letters and numbers. Also, when logging out there is an HTBPersistent cookie and a PHPSESSID cookie which are set to: expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/

Doesn’t that mean that the PHPSESSID cookie has expired and no longer valid? If it is no longer valid, it is not really a rememberme cookie.

thanks for any help.

continent1

Limitless · February 25, 2024, 7:02pm

for those who are still stuck in question 1 after you get the decoded text in the role placeholder think like a (super)

Limitless · February 25, 2024, 7:44pm

focus only on cookie used by HTBPERSISTENT ignore PHPSESSID then use cyberchef then in first use URL decode then the magic option to detect the algorithm

chaopzka · March 11, 2024, 12:09am

Any clues u wanna share im still lost here /question2/