Most likely a check somewhere in cookies?
You're on the right track, yeah. Think about how you can change the cookie to apply to a specific directory
I would be confused as to how you can do this. The session cookie is created randomly, so how would you forge an admin session without an admin cookie? Actually getting this cookie is proving difficult.
Don't focus on the actual cookie string. Think about how the cookie and the server interact.
FWIW, I never needed to steal the admin's cookie (or forge it). Maybe there is more than one way for the foothold, but I paid a lot of attention to some of the headers I saw in the responses. You might be able to trick the server into saving something it's not supposed to. I hope this isn't too spoiler-y.
I still can't figure out how to do it…
In our case, I only see analytical cookies and a session ID that cannot be forged…
If anyone can help: I'm stuck on the first part. I have a bunch of ideas, but can't figure out how it all works, hence why I need to study more web stuff. I know, or think, that I need to somehow get a cookie. And I'm hearing stuff about CSS?
Have you been able to change your password and log in yet?
Was able to bypass the web login, is there something that needs to be bypassed in the /escalate page? In particular the link parameter? Or is it to find a way to view the contents of the existing tickets? Saw the disabled page, but not able to get through on the current session.
I have tried everything and I can't. I don't know if it is a machine error or what. I don't know if after passing the login panel I have to go through cookies or another header. I need help, please.
What should I do next after I have successfully logged in?
Nobody seems to know that. And whoever knows is in no hurry to talk…
Anyone able to give a nudge on user? I'm looking at the previous comments and it's not clicking with what I need to do. I see what is happening on the 302 around a dir, which I feel is on the right lines, but I'm not sure.
Finally solved it. I had the wrong idea before, so ignore what I said.
Hello friend, please help us with a hint about what to do after login. I have been trying for a whole week and I don't see a solution. Thank you
Just rooted the box, but seriously, I still don't know what's going on with the web exploitation. On my first attempt to access the "forbidden" page, I got a 200 response without modifying anything, but the next time I got access denied. Luckily, my first attempt was still logged in Burp history, so I can view the credentials.
It's very cool. Tell us all how you got to the disabled page. Please.
Well, this is the 1st medium machine I've tried absolutely on my own. After I searched for directories and subdomains I tried injecting parameters, so I found a couple of usernames. I looked for vulnerabilities in the 2 services I found but found nothing interesting (maybe I don't know enough to imagine how to follow). I tried desperately bruteforcing passwords (I didn't have more ideas, even knowing it doesn't usually work on these challenges) but that didn't work either. Sincerely, I have no clue on how to bypass this login. Maybe some HTTP smuggling? If so, I'll have to spend some time learning about it because I don't know too much. I'd appreciate some help so I'll learn new and interesting tricks!
Replied in PM
The problem has not been solved yet: how to get to the disabled page. Whoever can, write to me in PM.