Skills Assessment - Broken Authentication

discovolante · March 30, 2022, 10:19am

That was pretty helpful and I managed to find ~~one~~ two more users like this using the message page (after having created a user). However I fail to tamper the cookie as I am a bit blocked…the cookie seems to be a hash of something. I am really wondering how to proceed.

discovolante · March 30, 2022, 11:45am

Got it! Nice escalation of multiple steps!

onthesauce · March 30, 2022, 10:59pm

Nice glad you got it!

CrazyHorse302 · April 26, 2022, 12:12am

This module is killing me! Any tips on the word-list to use to enumerate the user on the final assessment? I found where to enumerate the user, it looks like guest is the only other user aside from the one I created that I can find so far…

lucazzz · August 11, 2022, 4:58pm

There is another one that you can see “manually” on the website. Once logged in, just read the site contents…
As already mentioned… Skills Assessment - Broken Authentication - #2 by onthesauce

dfgdfdfgdfd · August 14, 2022, 12:22am

Hi, I created my thread. Can you help me?

QuickFix914 · August 28, 2022, 10:29pm

Question can you combined two wordlist when searching for a wordlist? When create a login they ask for the following:

-20 word min
-Start with a capital letter
-End with a digit

Do the other users passwords have the same requirements?

dark007 · August 30, 2022, 5:15am

Can you please suggest how did you tampered cookie. I am also stuck at cookie. Which encoding algo u used?

miedzsinski · September 28, 2022, 1:30pm

Hey! Have you got the username? How did you enumerate them? I used a lot of different wordlists but I always end up with the two known usernames…

asergo · September 28, 2022, 2:16pm

Hi!! In the support page you can find the way to enumerate usernames, and a clue about how the usernames are made.
Then, review the end of the brute forcing usernames section to get an idea about the naming convention.
If not clear enough, DM me

0x416e6173 · September 29, 2022, 11:07am

Hi, i got all support users and their passwords but i cant find any admin panel or flag. any hints please

asergo · September 29, 2022, 4:16pm

Once you can log in with the support account, you have to work on cookies to elevate privileges.

DPY314 · November 11, 2022, 11:15pm

I think im only at one step of getting it, but i cant figure out what “role” you need to put on the cookie, I tried with: root, admin, administrator, htbadmin, super, superuser, sun… I dont know if that thing about “following the sun” has something to do…

q3alique · November 18, 2022, 9:11am

Hi, I have found 5 new users with 3 valid passwords. I also found how htb_sessid is made so I was able to create my own sessid with different roles but nothings seems to works with those users. I am a bit stuck on with this assessment. Someone could give a hint about next step? thank you

DPY314 · November 26, 2022, 10:03pm

I was just trying with the wrong accounts. Keep looking for other accounts!

eloud · January 29, 2023, 9:38pm

same for me.
Anyone have a hint?
Thanks

amitnsw · February 23, 2023, 9:36am

Hi @onthesauce ,

Can I get some help with this module please. I have a few usernames obtained from message.php, I decoded the cookie, which ends up as just the username, but changing the cookie always gives the message - the requested role is not available for this user.

thanks

oli310 · February 25, 2023, 2:11pm

I identified 3 support and 3 admin users. (name.country_code)
I know how htb_sessid works
I found 2 suitable passwords from rockyou. Couldn’t log in with any of them.
When logging in, I always get this: “User valid_user cannot have requested role”
What am I doing wrong/What am I not noticing?

dougthonus · March 7, 2023, 12:09pm

This one was brutal for me, one piece of advice I had is when you figure out a format that regional accounts are in, that format might apply to more than support accounts.

boxth · April 20, 2023, 11:09am

I’m already logged in as a support user, but how do I use cookies to escalate privileges?