Hey everyone.
I’m stuck on the second part of the second skills assessment. I have the cookie HMAC secret, I tried to use PHPGGC because of the known version of CodeIgniter.
But I keep getting the error “Error: invalid authentication cookie detected!”
I tried to change the PHPGGC code on the gadget.php file of the chain I chose, and appended the ‘username’, ‘id’ and ‘role’ keys to maybe bypass regex filters but I got the same error.
I’m still on it but can’t solve it. Got the second input and a valid object to import. Trying to do it with a wrapper script using phpggc but the code does not execute. I’m using ping to not trigger any filters. Any tips for me?
Need a little bit of help, managed to answer the first question and get the admin flag, but the second one I only get Error: dangerous authentication cookie detected!
But if you can ping you’re in fact getting rce… So maybe you need to choose another payload for getting the connection back, now I’m out of my house so I don remember exactly what I did, sorry…
I arrive tomorrow, is you still need help I can assist you then