HTB Academy - Skills assessment - Using web proxies

Hey guys, I'm really stuck on this part of the final skills assessment: "Once you decode the cookie, you will notice that it is only 31 characters long, which appears to be an md5 hash missing its last character. So, try to fuzz the last character of the decoded md5 cookie with all alpha-numeric characters, while encoding each request with the encoding methods you identified above. (You may use the “alphanum-case.txt” wordlist from Seclist for the payload)." The cookie is encoded with b64 and ASCII hex. I tried attacking with Burp in several ways, but the server response is always 200 OK for every payload. I really don’t know what I’m doing wrong… It’s supposed that if you take the cookie and add a final alphanum to the payload, encoded as b64-ASCII hex, the server will respond with something different. Any hint, please?

1 Like

I did the same steps and I can’t find a solution.

1. Prepare the list of all possible 32-character-long hashes (31 + a-zA-Z0-9)
2. Use Burp Intruder to format the list entries (as you wrote, encode with b64 and later with ASCII hex)
3. Exploit

I have tried multiple ways to get the flag. It seems that one can get it only by using Burp (it is also what the hint says).

2 Likes

Did you ever figure it out??? This question is driving me crazy.

I got the flag using Burp/ZAP; the flag will be visible using one of those tools. :slight_smile:

I’m stuck too, have you figured it out?

If you’re using Burp, it’s all about the payload processing. The hint for the question matches up with an option for payload processing; I won’t say much beyond that.

After you have your rules set up, read them out loud just to make sure every step is accounted for :slight_smile:

Seems like I can’t do it with ZAP, or? Does someone know how to write your own encoder in ZAP?

With Burp it was pretty easy.

Well, if you try to put the 88-long cookie in the answer, it won’t work. Make a payload, encode it in 64, then encode it in hex, then start making requests; when you open it in a browser there will be the flag, green and sparkling :smile:!

I have just cracked it too - and instead of 94 results from that “alphanum-case.txt” that I got in the first place following the “hint”, I made my own list that is just 0-9 a-f A-F and found it amongst the 22.

When I ran Burp Suite, all of my hits came back with the 200 OK code. So is there a flag on the page or do I enter the cookie for the answer?

Can anyone help me? I’m stuck here.
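
The encoding chain discussed in this thread (base64 first, then ASCII hex), written out as an added example that is not from any poster or from HTB. It assumes a constructed 31-character value in place of the real decoded cookie; the function names and both alphabets are hypothetical, chosen to mirror the two character sets mentioned above.

```python
import base64
import binascii
import string

# Constructed 31-character stand-in for the decoded cookie (not a lab value).
TRUNCATED = "0123456789abcdef0123456789abcde"

ALPHANUM = string.ascii_letters + string.digits  # a-z, A-Z, 0-9
HEX_ONLY = string.hexdigits                      # 0-9, a-f, A-F


def encode_cookie(value: str) -> str:
    """Base64-encode the value, then ASCII-hex-encode the base64 text."""
    b64 = base64.b64encode(value.encode("ascii"))
    return binascii.hexlify(b64).decode("ascii")


def decode_cookie(cookie: str) -> str:
    """Reverse the chain in the opposite order: ASCII hex, then base64."""
    b64 = binascii.unhexlify(cookie)
    return base64.b64decode(b64, validate=True).decode("ascii")


def candidates(truncated: str, alphabet: str) -> dict:
    """Map each possible final character to its fully encoded 32-char value."""
    if len(truncated) != 31:
        raise ValueError(f"expected 31 characters, got {len(truncated)}")
    return {ch: encode_cookie(truncated + ch) for ch in alphabet}


def chain_is_consistent(encoded: dict, truncated: str) -> bool:
    """Check every encoded entry decodes back to truncated + one character."""
    return all(decode_cookie(v) == truncated + ch for ch, v in encoded.items())


if __name__ == "__main__":
    full = candidates(TRUNCATED, ALPHANUM)
    short = candidates(TRUNCATED, HEX_ONLY)
    print(len(full), len(short), chain_is_consistent(full, TRUNCATED))
    # 32 characters -> 44 base64 characters -> 88 hex characters
    print(len(next(iter(full.values()))))
```

Decoding each generated entry back to its 32-character form is the scripted equivalent of reading the processing rules out loud: a rule applied in the wrong order fails the round trip instead of silently producing a cookie the server ignores.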