Introduction to Deserialization Attacks Skill Assessment 2

Hey everyone.
I’m stuck on the second part of the second skills assessment. I have the cookie HMAC secret, I tried to use PHPGGC because of the known version of CodeIgniter.
But I keep getting the error “Error: invalid authentication cookie detected!”
I tried to change the PHPGGC code on the gadget.php file of the chain I chose, and appended the ‘username’, ‘id’ and ‘role’ keys to maybe bypass regex filters but I got the same error.

Thanks!

DM me if you still help on that!

HI!
I also encountered this, similar problem. Can you tell me which direction to go? I have already started changing the code PHPGGC :frowning:

Hint for the RCE, it’s not the same vulnerability as the first.

I’m still on it but can’t solve it. Got the second input and a valid object to import. Trying to do it with a wrapper script using phpggc but the code does not execute. I’m using ping to not trigger any filters. Any tips for me?

Need a little bit of help, managed to answer the first question and get the admin flag, but the second one I only get Error: dangerous authentication cookie detected!

***FOUND IT!!!