Hey guys, I’ve been playing with this one for a bit and I have found myself stuck. I have tried the…
! padding attack
but when I place the “Encrypted value” in for the cookie, it takes me to a black profile. I then ran it through Burp Suite’s Intruder feature using the bit flip; each cookie still sent the request back to my profile. Any hints or ideas of where I am messing up?
! $ padbuster http://188.8.131.52:45812/profile.php LF8ciWB9XXLHhDKwITFlCmJk8bOGby99bGUqc3F5iAZHBrdpu/mMMg== 8 --cookies "iknowmag1k=LF8ciWB9XXLHhDKwITFlCmJk8bOGby99bGUqc3F5iAZHBrdpu/mMMg==" -plaintext "user=admin"