Day 01 - Christmas Crisis
Date: 01, December, 2020
Author: Dhilip Sanjay S
Fundamentals
The Web
DNS, IP address (Try Intro to Networking room)
HTTP(S)
HTTP headers, request, response (Try Web Fundamentals room)
Cookies
Editing cookie name and value - Privilege escalation
Solutions
1. What is the name of the cookie used for authentication?
Answer: auth
Steps to reproduce:
Press
Ctrl+Shift+I
(or)F12
in browser.In chrome, go to Application Tab and select Cookies under Storage section to view the cookies.
In Firefox, click on Storage tab to view the cookies.
2. In what format is the value of this cookie encoded?
Answer: Hexadecimal
Steps to reproduce:
It contains characters - 1 to 9, a to f.
Use CyberChef to find out the format.
3. Having decoded the cookie, what format is the data stored in?
Answer: JSON
Steps to reproduce:
Use CyberChef and select From Hex option to decode.
By seeing the format
{key: value}
, you can identify it's JSON.
4. Figure out how to bypass the authentication. What is the value of Santa's cookie?
Answer: 7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79222c2022757365726e616d65223a2273616e7461227d
Steps to reproduce:
Remember, the cookie is used to identify the user account in this web app.
So, modify the
username
parameter in the decoded JSON format and encode back To Hex using CyberChef.Your modified cookie JSON must look like this:
CWE-565: Reliance on Cookies without Validation and Integrity Checking
5. What is the flag you're given when the line is fully active?
Answer: THM{MjY0Yzg5NTJmY2Q1NzM1NjBmZWFhYmQy}
Steps to reproduce:
Turn all the options to Active in the web app, the flag will be displayed at the bottom.
Last updated