Official Forgot Discussion

Most likely a check somewhere in cookies?

You’re on the right track, yeah. Think about how you can change the cookie to apply to a specific directory.

I would be confused as to how you can do this. The session cookie is created randomly, so how would you forge an admin session without an admin cookie? Actually getting this cookie is proving difficult.

Don’t focus on the actual cookie string. Think about how the cookie and the server interact.

FWIW, I never needed to steal the admin’s cookie (or forge it). Maybe there is more than one way for the foothold, but I paid a lot of attention to some of the headers I saw in the responses. You might be able to trick the server into saving something it’s not supposed to. I hope this isn’t too spoiler-y.

I still can’t figure out how to do it… :roll_eyes:
In our case, I only see analytical cookies and a session ID that cannot be forged….

If anyone can help: I'm stuck on the first part. I have a bunch of ideas, but can't figure out how it all works, hence why I need to study more web stuff. I know, or think, that I need to somehow get a cookie, and I'm hearing stuff about CSS?

Have you been able to change your password and log in yet?

Was able to bypass the web login, is there something that needs to be bypassed in the /escalate page? In particular the link parameter? Or is it to find a way to view the contents of the existing tickets? Saw the disabled page, but not able to get through on the current session.

I have tried everything and I can’t, I don’t know if it is a machine error or what. I don’t know if after passing the login panel I have to go through cookies or another header. I need help please

What should I do next after I have successfully logged in?

Nobody seems to know that. And whoever knows is in no hurry to talk…

Anyone able to give a nudge on user? I'm looking at the previous comments and it's not clicking with what I need to do. I see what is happening on the 302 around a dir, which I feel is on the right line, but I'm not sure.

Finally solved it. I had the wrong idea before, so ignore what I said.

Hello friend please help us with a hint about what to do after login. I have been trying for a whole week and I don’t see a solution. Thank you

Just rooted the box, but seriously I still don't know what's going on with the web exploitation. On my first attempt I tried to access the “forbidden” page and got a 200 response without modifying anything, but the next time I got access denied. Luckily, my first attempt was still logged in Burp history, so I could view the credentials.

It’s very cool. Tell us all how you got to the disabled page. Please.

Well, this is the 1st medium machine I've tried absolutely on my own. After I searched for directories and subdomains I tried injecting parameters, and so I found a couple of usernames. I looked for vulnerabilities in the 2 services I found but nothing interesting (maybe I don't know enough to imagine how to follow). I tried desperately bruteforcing passwords (I didn't have more ideas, even knowing it doesn't usually work on these challenges) but that didn't work either. Sincerely, I have no clue how to bypass this login. Maybe some HTTP smuggling? If so, I'll have to spend some time learning about it because I don't know too much. I'd appreciate some help so I'll learn new and interesting tricks!

Replied in PM

The problem has not been solved yet. How do you get to the disabled page? Whoever can, please write to me in PM.