Can anyone help me with the cookie tampering. I am unable to decode the cookie.
Assess the web application and use various techniques to escalate to a privileged user and find a flag in the admin panel. Submit the contents of the flag as your answer.
I logged in as one of the support user. but stuck at cookie. Which cookie should I decode and which is the correct decoding algo. I tried decoding both below but no luck
you can’t decode htb_sessid_persistent, look only on htb_sessid. What is it looks like? For 1st step, use CyberChef and decode URL Then maybe, you’ll have some hints. Or try this link
Use Hash-identifier and find out what is the algorithm being used after you got the hash from base64 decoding. If you find the algorithm, then check out if there are any tools that can crack that hash with any popular wordlist.
Then maybe, you’ll have some hints. Or try