WEB Challenges (I know Mag1k)

in here i got this
“Cookie: PHPSESSID=2q730tudrno1lkc534a5mj4033; iknowmag1k=76Q59%2FmPo9AllYbBtzkeF7H6mMTpCDkUBt18ec0MxJTUgPCIXjmhCw%3D%3D”

Even after doing research i didn’t get how to decrypt it , so i ended up seeing the walk-through in which told its a padding oracle .

Now my question is just by seeing the cookie how does one determine its padding oracle?

I suspected what it was for two reasons.

One, I built a similar challenge for another CTF around the time I went to see the challenge, which helped me to identify it quite fast.
Two, you can narrow down the set of available options and focus on certain tools because:

  1. It doesn’t look like a hash (hash-dentifier can help you there).
  2. It doesn’t decode to plaintext either.
  3. So, it’s some kind of crypto. From there, it can be maybe a textbook RSA, CBC byte flipping, hash length extension, you get the idea. Try, fail, remove it from the list and keep doing until something works.

some light google searching will reveal a tool that basically solves this challenge for you. oh well!

Is some still one this ? i am stuck on the last part of this challenge pm me

@uzmakin495 padBuster.pl can help you

Owned challenge ^^
“Easy” with the right tools and Syntax

Ask me (DM) if you need some help …

I am having trouble working with padBuster.pl in the newest version of kali. Noob here want some guidance

i don’t get why using automated tools tbh, ok, you got the flag but did you really learnt something?