Bruteforcing Cookies

Hi all,

I’m writing about the session brute forcing cookies, at the question:

“Log in to the target application and tamper the rememberme token to give yourself super user privileges. After escalating privileges, submit the flag as your answer.”

An example of a cookie:
kec7nvbb7a6lkvhfbpiktmq9d2

I tried all the decoders and I couldn’t find any that works for it. Does anyone have any idea?
Thanks

Hey!
Before you continue, make sure you are trying the right cookie. That doesn’t look like the right format for the persistent cookie.
-onthesauce

Can someone help me with how to decode the 2nd question of Brute forcing cookie?

Question: Log in to the target application and tamper the rememberme token to give yourself super user privileges. After escalating privileges, submit the flag as your answer.

Hi, I am also stuck on the same question 2. Any hint on decoding, please?

Hello everyone,
-onthesauce hints that the cookie file may NOT be correct.
Then the question is how to display the correct file?
(Where to look for it, if not in BurpSuite?)
P.S.
Should I use a padding oracle attack in this task, or should I look for the right cookies?

Don’t forget to check the “remember me” box! :wink:

I got the persistence cookie from the response but I don’t know how to decode HTBPERSISTENT=eJwrLU4tssooSSoF0tZF TmpVsUlpSmpeSXWJZm5qVaGZuZGRiaGpubmAE4LDlM= I tested from base64 but I don’t retrieve any hexadecimal value, only raw bytes from there… Thanks in advance

If you haven’t done this yet, you should check out the example they give with CyberChef during the module. If you replicate that you’ll get a hex value and then you can go from there (file signatures are your friend).

Hey, I found the file type and extension, what now? Where do I go from there?

Not sure if you’re in the right thread? That sounds like a file upload question and not a cookie brute forcing question?

No, I am. It is part of the cookie brute forcing lab. When it gets decoded, it gives out clues like file type, extension and MIME. Since you’ve solved it I was wondering what is next because I am not sure what to do with that info. I’ve re-read the course, still no clue.

Ok I think I know what you mean. I assume you’re busy with question 2? Have you decoded to get a hex value and worked out the MIME? Did you manage to decode further and get the cookie details? The only thing you should get is user, role, and time. It’s the same as question 1, just encoded differently.

From there, you need to change the role and re-encode it. I think you’re mistaking file type/extension for encoding type. Use CyberChef.
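
The layered decoding described in this post (base64, then a file signature, then a further decode), as an added example that is not code from any poster or from the lab. It goes one step beyond the thread by showing the server-side fix, an HMAC tag that makes a re-encoded cookie fail verification; the payload layout, key and all function names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, zlib

PAYLOAD = b"user=demo;role=user;time=1700000000"  # constructed sample, not the lab's format
KEY = b"constructed-server-side-key"              # constructed; never leaves the server

def _zlib(s):
    # RFC 1950 signature: CMF byte 0x78 and a 16-bit header divisible by 31
    if len(s) < 2 or s[0] != 0x78 or int.from_bytes(s[:2], "big") % 31:
        raise ValueError("no zlib signature")
    return zlib.decompress(s)

DECODERS = [  # hex is tried before base64 because hex digits are also base64 characters
    ("zlib", _zlib),
    ("hex", lambda s: bytes.fromhex(s.decode("ascii"))),
    ("base64", lambda s: base64.b64decode(s, validate=True)),
]

def peel(data, max_depth=8):
    """Strip recognisable encoding layers; return (layer names, final bytes)."""
    layers = []
    while data and len(layers) < max_depth:
        for name, decode in DECODERS:
            try:
                data = decode(data)
            except (ValueError, zlib.error):
                continue
            layers.append(name)
            break
        else:
            break  # nothing matched: this is the plaintext
    return layers, data

def issue(payload, key):
    """Hardened form: the same encoding plus an HMAC-SHA256 tag over the encoded body."""
    body = base64.b64encode(zlib.compress(payload))
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def verify(token, key):
    """Return the payload only if the tag matches; check it before decoding anything."""
    body, _, tag = token.partition(b".")
    good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, good):
        return None
    return zlib.decompress(base64.b64decode(body, validate=True))
```

Encoding and compression only change the representation, so `peel` recovers the fields without any secret, while `verify` rejects any body that was not produced with the server's key.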

Sorry, I did use CyberChef and was able to get the first half of the cookie’s details, but not sure where to go from there.

Use intense “Magic”, it will work. Magic is all you need to know to decrypt the cookie.