Hi, I am stuck on Broken Authentication - Skills Assessment. I have the users with country extension and their passwords, I decrypted the htb-sessid cookie, I have htb_sessid_persistent. But I don't know how to escalate privileges or discover the admin module.
Hey there, if you're still working on it, there are some more accounts that you have to find the same way you found the user with the extension. (Hint: it's a forbidden prefix in the account creation page with extensions.) Then forget all about the persistent cookie (it didn't even show up for me) and use the newly found accounts and some basic roles to forge a new cookie. Also something I can't quite explain, but when I was looking for the flag in the final steps I couldn't use just modified requests or it would keep saying the original user couldn't have that role. Instead, I used Burp Repeater, which allowed me to get the flag in the response.