Web Attacks - Bypassing Encoded References

ishsome · April 28, 2023, 2:00am

I need help with the exercise:

Try to download the contracts of the first 20 employee, one of which should contain the flag, which you can read with ‘cat’. You can either calculate the ‘contract’ parameter value, or calculate the ‘.pdf’ file name directly.

I tried using Burp’s Decoder to try 1 to 20 numbers but I was unsuccessful. Reading the source code we can see that the value is first getting base64 encoded and then URL encoded. I was not able to create a curl command to generate the right encoded values for the numbers 1 to 20.

Any help would be greatly appreciated.

Thanks

ishsome · May 2, 2023, 2:08am

I was able to figure it out.

BenKen · May 4, 2023, 7:20pm

i have a simple script that will give you the flag in a touch

BryRam7219 · June 4, 2023, 4:40pm

I found that Burp is the easiest way to get the flag. You just need to understand that MQ%3D%3D is encoded for MQ==. This is also encoding for the number 1. It’s an encoding that we should be pretty familiar with by now. It took me longer to figure out than it should have.