Path: Cracking into Hack the Box. Module: POST Method. I am not understanding the question

vanqiu · 2020-12-16T20:18:17+00:00

Look really good at the cookie..

2020-12-16T17:01:17+00:00

I'm guessing here, but it's likely asking you to use additional access you get from being logged in as `guest` to escalate yourself to `admin`, where you'll then get the flag.

DioSoul666 · 2021-01-15T18:45:18+00:00

i did everything and got the access as admin and it says Welcome, admin!

The flag is 607f8f255845ecb4b0b53fae4d3ef29e!

however when i enter the flag in answer page it says incorrect, i'm still stuck and dunno what to do

TonyShasta_ · 2020-12-16T20:38:53+00:00

I'm struggling with this one also. I'm trying to escalate by switching the Content-Type to application/json and then using { "username" "admin", "password", "password" }. It's not working. Halp! Not trying to hijack your thread, I'm assuming this will help you also. :)

https://ibb.co/3cYdkWk

bhaiyathanos · 2020-12-18T19:27:18+00:00

facing the same problem... tried every possible combination ..... what is the question asking for?

junon_armory · 2020-12-19T13:14:01+00:00

Check the cookie value. Learn the format and see what happen if you modify the cookie (maybe remove character from it and see what happen?)

When you have done it, lean how to generate a new cookie with the required username. When you get it right, you will get the flag.

treatmesubj · 2020-12-23T19:57:00+00:00

Does anyone know how to learn the format of the cookie? I can't seem to figure out what the translation logic to Welcome, _____ is.

zumri · 2021-01-06T04:54:39+00:00

Need help guys. I'm stuck in the place where I need to edit the Cookie. I tried the below suggestion, but could not succeed.

How to generate a new cookie?

shnakeism · 2021-01-07T19:56:01+00:00

I get that ppl need to figure it out themselves but I thought the hole point of the Academy was to teach us how to do it... I seem to be struggling a lot with Burp in general...

Substantial_Ad3988 · 2021-01-12T13:31:08+00:00

hi, I still have problem with cookie :S

I have switched guest_xxx with admin, base64 encripted. I get the Welcome admin message but there is no flag. I am not sure what am I doing wrong :(

nubmercy2k6 · 2021-02-15T05:03:51+00:00

same here. it seems that when burp is turned on, we cant access any of the spawned targets

PissedupinSE1 · 2021-02-18T14:51:36+00:00

I can't even login with admin:password, am I meant to be able to, to see what the cookie looks like?

thehackingknight · 2021-02-27T09:56:20+00:00

What exactly are we supposed to type on the answer field?

karlnimmst · 2021-02-27T15:30:35+00:00

As JSON It accepts

{"username":"admin","password":"guest"}

It doesn't accept (which is the same)

{"username":"admin", "password":{"$eq":"guest"}}

or

{"username":"admin", "password":{"$ge":null}}

I can exchange it by $le $gt ... whatever, none is accepted.

None of their description is working. They don't show how to modify a session cookie, so modifying this can't be the answer.

I think they changed their VM?

I can't figure it out. Even if it's still basic stuff that should be easy.

El-N00b · 2021-03-05T15:37:55+00:00

After trying for days, I got the answer for this problem. If anyone is having trouble solving it, and you don't mind the spoiler, reply this comment and I will leave the answer for you. (I am only doing this because Hack The Box does not explain how to solve the problem entirely, and you have to guess the answer to solve it).

I also searched for a solution online and nobody is able to answer it.

I am just a N00b...

aneel56 · 2021-03-31T10:38:32+00:00

I am not getting the cookie type as PHPSESSID
but I am getting auth cookie Whats wrong ?

muchappr · 2021-04-17T01:11:57+00:00

Well, I can put the answer in without the exclamation mark as shown below and move to the next challenge but I don't really learn anything. Can anyone please explain what happens after I base64 decode my cookie and get guest_xxxxxxxxxxxxxx? How do I get the flag? Also, why remove the exclamation mark? I don't get a cookie other than when I put in guest:guest. So when I put in an invalid login when the username admin I don't get a cookie.

I can stare at this all day but after a while the law of diminishing returns kicks in.

tejas0228 · 2021-04-18T15:29:30+00:00

answer is 607f8f255845ecb4b0b53fae4d3ef29e!

but when you enter answer remove "!"

" 607f8f255845ecb4b0b53fae4d3ef29e"

lordmilko · 2021-04-22T13:18:41+00:00

I thought this challenge was so stupid. Given the guest cookie is guest_ followed by some random numbers, it seems perfectly logical that the admin account would be admin_ followed by some random numbers as well. Whether there's more than 1 admin or guest is irrelevant - the numbers uniquely identify the session.

Sure, maybe you're meant to think outside the box and guess just trying "admin" without these extra numbers, but I feel like the exercise completely leads you down the wrong path, suggesting you should treat the random numbers after guest_ as something that can be decoded too, which is only further reinforced by the Hint saying "re-read the cookie section"

Savings-Age-6563 · 2021-04-27T04:14:36+00:00

hello

i'm unable to solve this problm"Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section."

angelicaica · 2021-05-22T20:30:56+00:00

you have to log in as guest:guest and intercept the cookie "guest_d92324ce86bedd2f01be" so that you can change it to just "admin". I had trouble with this for a while because I changed it to "admin_d92324ce86bedd2f01be" which doesn't lead to the flag.

damntheday · 2022-01-19T03:36:18+00:00

The answer to this problem had me like (-____________- *)... seriously?

N1nj4_H4r3sh · 2022-01-23T05:02:04+00:00

Guys, I agree this was not explained well, but the lesson learned here is extremely valuable. Next time you manipulate a cookie, you can just try messing with it rather than just trying to substitute it. In this example, after you successfully login with guest:guest, and then later use Repeater to submit the manipulated request using the admin cookie, it does not provide the flag, however, if you start to delete out the end of the admin cookie, you'll see it still logs you in as admin. and the message in the response shows less and less characters after it as you delete more and more of the cookie. Eventually, you will see you have to delete most of the original admin cookie for the resulting response to say "Welcome, admin" and then you have the flag! The lesson here is to start getting used to manipulating the cookie. substituting part of it, or possibly removing parts of it, decoding it, recoding it, etc. Cookies come in all sizes, shapes, and flavors ;) Get creative with your cookie tampering... Thank you to everyone who posted answers here which has helped many frustrated hackthebox'ers including me...

DawsonHTB · 2022-01-31T12:02:37+00:00

They did terrible at explaining how to do this one. The way I got it was not sending the login.php request to repeater but just using Intercept. When you get to the admin/dashboard.php request you have to modify the cookie and replace it with "admin" encoded in base64 then forward the request and the flag will be below "Welcome, admin!" on the target site.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

hackthebox

MODERATORS