IKnowMag1k (Web)

Hey guys, I’ve been playing with this one for a bit and I have found myself stuck. I have tried the…

! padding attack
but I place the “Encrypted value” in for the cookie, it takes me to a black profile. I then ran it through Burp Suite’s Intruder feature using the bit flip, each cookie still sent the request back to my profile. Any hints or ideas of where I am messing up at?

My command:

! $ padbuster LF8ciWB9XXLHhDKwITFlCmJk8bOGby99bGUqc3F5iAZHBrdpu/mMMg== 8 --cookies “iknowmag1k=LF8ciWB9XXLHhDKwITFlCmJk8bOGby99bGUqc3F5iAZHBrdpu/mMMg==” -plaintext “user=admin”

First decrypt it completely and get the plaintext and then try to manipulate the cookie based on that.You can’t just add -plaintext ‘user:admin’ without knowing how the cookie looks like.I’d suggest you watch ippsec’s video on Lazy to get a better understanding of what I’m talking about.

I did find the correct syntax after decryption of the cookie but it still takes me to the profile page of the user i created.

I did end up finding it. Just messed a bit with the command and it worked :lol: