Advent of Cyber 2: Day 1
Come back folks, Day 1 which is on Web Exploitation. For this machine, you are required to have some knowledge of HTTP(S) and Cookie (not the biscuits).
If you don’t have much knowledge of protocols and cookies, I am mentioning some links to go through with that.
I also attach the snaps of HTTP(S) and Cookies by John Hammond.
Now, if you are filled with the knowledge, then we can land on our tasks.
For this task, I am just registering an account with username: test and password: password. In the bottom right, you will able to see the message “User Created Successfully”.
After logging, you will get the new web page, which is available below.
Now, if you are using Google Chrome, then press Ctrl + Shift + I, you will be redirected to inspect page, then select the Cookie option, you will get the name of the cookie and the value of the cookie.
Do you know, the value of the cookie is Hexadecimal and that file is stored in JSON.
Here, you have to use the decoder to decode that value of the cookie. I will suggest, use https://gchq.github.io/CyberChef/ to decode.
See above, what you got, an ASCII message!!
Now, there is a twist in the challenge, you have to find the Santa's cookie, so do one thing just copied the text you get after decoding and then change the username from test to Santa and again decode it. I mentioned below for your reference:
Now, in the above image, you get the cookie value of Santa. Copy this value and go to that inspect page and replace the older value of the cookie with this. Now, refresh the page, see what you get?
Did you notice something, with the Santa's account, you are now able to activate the control of the webpage. Now, just try to turn ON all the options and see will you get anything or not?
Do you notice?, after turning ON all options, you are able to see the flag at the bottom.
Congratulations, you will get the flag!!
Now, keep waiting for other parts to come.
Till then, Happy Hacking, Happy Cracking!!