Story
McSkidy needs to check if any other employee elves have left or been
affected by the Grinch Industries attack, but the systems that hold the employee
information have been hacked. Can you hack them back to determine if the other
teams in the Best Festival Company have been affected?
Learning Objectives of Day 2:
- Understanding the underlying technology of web servers and how the web communicates.
- Understand what cookies are and their purpose.
- Learn how to manipulate and manage cookies for malicious use.
Let us understand the concepts targeted for today first!
HTTP(S)
The HTTP protocol is a client-server protocol that provides communication between a client and a web server. HTTP requests are similar to a standard TCP network request; however, HTTP adds specific headers to the request to identify the protocol and other information.
When an HTTP request is crafted, the method and target header will always be included. The target header will specify what to retrieve from the server, and the method header will specify how.
When retrieving information from a web server, it is common to use the GET method, such as loading a picture.
When sending data to a web server, it is common to use the POST method, such as sending login information.
Example Request
GET / HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Referer: https://tryhackme.com/
Example Response
HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Wednesday, 24 Nov 2021 13:34:03 GMT
Content-Type: text/html
Content-Length: 98
Cookies
Cookies are tiny pieces of data (metadata) or information
locally stored on your computer that are sent to the server when you make a
request.
Cookies can be assigned any name and any value
allowing the webserver to store any information it wants. Today we will be
focusing on authentication cookies, also known as session cookies.
Authentication or session cookies are used to identify you and what access
level is attached to your session.
Cookie Manipulation
Cookie manipulation is taking a cookie and modifying it to obtain
behavior the web developer did not intend. Cookie manipulation is
possible because cookies are stored locally on your host system, meaning you
have complete control over them and can modify them as you please.
To begin modifying and manipulating cookies, we need to open our developer tools. In Google Chrome, developer tools are known as the “Chrome Developer Tools,” and in Mozilla Firefox, they are known as the “Firefox Developer Tools.”
Developer tools can be accessed by pressing F12 or Ctrl+Shift+I. Once developer tools are open, to access your cookies, navigate to the Storage tab in Firefox or the Application tab in Chrome/Edge, then select the Cookies dropdown on the left-hand side of the console.
Now that we understand these basic terms and concepts, let's enumerate!
Q1. What is the name of the new cookie that was created for your account?
Once you open the website from the given link, you have to register an
account.
Then open the developer tools, look at the cookies, and find the name of the new cookie.
Answer: user-auth
Q2. What encoding type was used for the cookie value?
If you look at the value of the cookie that was generated, it is alphanumeric, with more numbers than letters.
Almost all of these letters are between “a” and “f”, and we know only one kind of encoding that looks this way, which is
Answer: Hexadecimal
Q3. What object format is the data of the cookie stored in?
We can see that the value of the cookie is encoded, so we need to decode it.
We can do this by going to CyberChef and inputting our cookie value. We convert it from hex to get our output.
From the image we can clearly see that the data is stored in key-value pairs, and that is why it is called
Answer: JSON
Now we need to manipulate the cookie to get Admin access!!
Now copy the JSON output and set it as the input for this conversion in the CyberChef tool. Select the “To Hex” option and set the delimiter to None to avoid all the spaces that come with it.
Once we do that, we have the value of the same JSON with user as “admin”.
Q4. What is the value of the administrator cookie? (username = admin)
Ans :-
7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d696e227d
You can also decode this hex value in a terminal with this command:
echo "7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d696e227d" | xxd -r -p
We have the value of the admin login cookie, so we go back to our page and
change the cookie's value to this new value for admin login.
And voila!! We are now Admin!!
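The admin switch above works because hex is only an encoding: the server accepts whatever cookie body the client sends back. The following added example (not part of the original walkthrough or the challenge's own code) contrasts that unsigned pattern with a cookie carrying an HMAC-SHA256 tag that the server verifies before trusting the fields; the key, the function names and the elf01 username are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed for this example (assumptions, not values from the page).
SERVER_KEY = b"constructed-demo-key-kept-server-side"
FIELD = re.compile(r'(\w+):\s*"([^"]*)"')


def encode_session(username):
    """Hex-encode a cookie body in the shape the walkthrough decoded."""
    body = ('{company: "The Best Festival Company", '
            'isregistered:"True", username:"%s"}' % username)
    return body.encode().hex()


def decode_unsigned(cookie_hex):
    """Weak pattern: hex is only an encoding, so edited values are accepted."""
    return dict(FIELD.findall(bytes.fromhex(cookie_hex).decode()))


def _tag(cookie_hex):
    return hmac.new(SERVER_KEY, cookie_hex.encode(), hashlib.sha256).hexdigest()


def sign(cookie_hex):
    """Hardened pattern: append an HMAC-SHA256 tag made with a server-only key."""
    return cookie_hex + "." + _tag(cookie_hex)


def decode_signed(cookie):
    """Return the session fields, or None if the tag is missing or wrong."""
    cookie_hex, sep, tag = cookie.rpartition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(cookie_hex).encode()):
        return None
    try:
        return decode_unsigned(cookie_hex)
    except (ValueError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    issued = sign(encode_session("elf01"))  # constructed username
    edited = encode_session("admin") + "." + issued.rpartition(".")[2]
    print(decode_unsigned(encode_session("admin")))  # accepted, no check
    print(decode_signed(issued))   # tag matches: fields returned
    print(decode_signed(edited))   # body changed after signing: None
```

Keeping the role server-side, keyed by a random session ID, avoids putting the access level in the cookie at all.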
Q5. What team environment is not responding?
Ans :- HR
Q6. What team environment has a network warning?
Ans :- Application
All answers done :-)