Introduction to Deserialization Attacks Skill Assessment 2

Hey everyone.
I’m stuck on the second part of the second skills assessment. I have the cookie HMAC secret, I tried to use PHPGGC because of the known version of CodeIgniter.
But I keep getting the error “Error: invalid authentication cookie detected!”
I tried to change the PHPGGC code on the gadget.php file of the chain I chose, and appended the ‘username’, ‘id’ and ‘role’ keys to maybe bypass regex filters but I got the same error.

Thanks!

DM me if you still need help on that!

Hi!
I also encountered this similar problem. Can you tell me which direction to go? I have already started changing the PHPGGC code :frowning:

Hint for the RCE, it’s not the same vulnerability as the first.

I’m still on it but can’t solve it. Got the second input and a valid object to import. Trying to do it with a wrapper script using phpggc but the code does not execute. I’m using ping to not trigger any filters. Any tips for me?

Need a little bit of help, managed to answer the first question and get the admin flag, but the second one I only get Error: dangerous authentication cookie detected!

FOUND IT!!!

Hey man, did you have to do obfuscation for question 2? I can ping myself, but can’t get RCE…

But if you can ping, you’re in fact getting RCE… So maybe you need to choose another payload for getting the connection back. Right now I’m out of my house so I don’t remember exactly what I did, sorry…
I arrive tomorrow; if you still need help I can assist you then.