Our development agency is committed to providing you the best service.


The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.


We pride ourselves with strong, flexible and top notch skills.


Development 90%
Design 80%
Marketing 70%


Development 90%
Design 80%
Marketing 70%


Development 90%
Design 80%
Marketing 70%


We help our clients integrate, analyze, and use their data to improve their business.










Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.


We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label cookies. Show all posts
Showing posts with label cookies. Show all posts
  • TryHackMe Web Exploitation Session Cookies



    TryHackMe Web Exploitation Session Cookies



    McSkidy needs to check if any other employee elves have left/been affected by Grinch Industries attack, but the systems that hold the employee information have been hacked. Can you hack them back to determine if the other teams in the Best Festival Company have been affected?

    Learning Objectives of Day 2:

    • Understanding the underlying technology of web servers and how the web communicates.
    • Understand what cookies are and their purpose.
    • Learn how to manipulate and manage cookies for malicious use.

    Let us understand the concepts targeted for today first!


    he HTTP protocol is a client-server protocol to provide communication between a client and a webserver. HTTP requests are similar to a standard TCP network request; however, HTTP adds specific headers to the request to identify the protocol and other information.

    When an HTTP request is crafted, the method and target header will always be included. The target header will specify what to retrieve from the server, and the method header will specify how.

    When retrieving information from a web server, it is common to use the GET method, such as loading a picture.

    When sending data to a web server, it is common to use the POST method, such as sending login information.

    Example Request

    GET / HTTP/1.1
    Host: tryhackme.com
    User-Agent: Mozilla/5.0 Firefox/87.0
    Referer: https://tryhackme.com/

    Example Response

    HTTP/1.1 200 OK
    Server: nginx/1.15.8
    Date: Wednesday, 24 Nov 2021 13:34:03 GMT
    Content-Type: text/html
    Content-Length: 98


    Cookies are tiny pieces of data (metadata) or information locally stored on your computer that are sent to the server when you make a request.

    Cookies can be assigned any name and any value allowing the webserver to store any information it wants. Today we will be focusing on authentication cookies, also known as session cookies. Authentication or session cookies are used to identify you and what access level is attached to your session.

    Cookie Manipulation

    Cookie manipulation is taking a cookie and modifying it to obtain unintended behavior determined by the web developer. Cookie manipulation is possible because cookies are stored locally on your host system, meaning you have complete control over them and modify them as you please.

    To begin modifying and manipulating cookies, we need to open our developer tools. In Google Chrome, developer tools are known as the “Chrome Developer Tools,” and in Mozilla Firefox, they are known as the “Firefox Developer Tools.”

    Developer tools can be accessed by pressing F12 or Ctrl+Shift+I. Once developer tools are open, to access your cookies, navigate to the Storage tab in Firefox or Application tab in Chrome/Edge; select the Cookies dropdown on the left-hand side of the console.

    Now that we understand these basic terms and concepts! Lets Enumerate!!

    Q1. What is the name of the new cookie that was created for your account?

    Once you open the website from the given link, you have to register an account.

    TryHackMe Web Exploitation Session Cookies

        Advent of Cyber
        Welcome To Advent of Cyber!

    Then open the developer options and check for the cookie and find out the cookie name

    TryHackMe Web Exploitation Session Cookies

    Answer: user-auth

    Q2. What encoding type was used for the cookie value?

    If you notice the value of the cookie that was generated,it is alphanumeric with more of numbers and less of alphabets.

    TryHackMe Web Exploitation Session Cookies

    Mostly all these alphabets are between “a” and “f” and we know only kind of encoding that is this way which is

    Answer: Hexadeciaml

    Q3. What object format is the data of the cookie stored in?

    We can see that the value of the cookie is encoded so we need to go and get the value decoded.

    We can do this by going onto CyberChef and inputting our cookie value. We convert it from hex so we get our output

    TryHackMe Web Exploitation Session Cookies

    From the image we can clearly see that the data is stored in key-value pairs and that is why it is called

    Answer: JSON

    Now we need to manipulate the cookie to get Admin access!!

    Now copy the json output and set it as the input for this conversion in CyberChef tool. Select the option of “ To Hex” and set the delimiter as none so as to avoid all the spaces that come with it.

    TryHackMe Web Exploitation Session Cookies

    Once we do that, we have the value of the same json with user as “admin”

    Q4. What is the value of the administrator cookie? (username = admin)

    Ans :-


    You can also decode this hex value via terminal through this command 



    echo " 7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d696e227d" | xxd -r -p




    TryHackMe Web Exploitation Session Cookies




    We have the value of the admin login cookie, so we go back to our page and edit the value of the cookie into this new value for admin login.

    and Voila!!

    We are now Admin!!

    TryHackMe Web Exploitation Session Cookies

    Q5. What team environment is not responding?

    Ans :- HR

    Q6. What team environment has a network warning?

    Ans :- Application

    All answer done :-)



    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


  • Top 5 Security issues with cookies


    Top 5 Security issues with cookies


    Top 5 Security issues with cookies

    Computer cookies,
    for the most part, are beneficial to your online experience. They help websites provide personalized experiences for each user—which is incredible, considering the number of online users. But like anything online, hackers, cybercriminals and bad actors have discovered ways to utilize cookies to take advantage of people.

    Before diving into the specific security issues with cookies, it’s important to understand the different types.

    Computer cookies can be broken down into three categories:

    Session cookies

    What are cookies ?

    Cookies are the text files with small pieces of data like username and password that are used to identify your computer as you use a computer network.

    Top 5 Security issues with cookies


    Types of cookies:

    1. Session of cookies :

    If you visit website requiring a password, session cookies are what allows you to hop from page to page without needing to log in every time.

    2. Persistent Cookies :

    Persistent cookies are used to update your perferences when you visit a website. They're used to analyze a user's browsing habits.

    3. Flash Cookies :

    Similar to persistent cookies, except they're stored as abode flash files instead of text files, these contains the same data and work just like other cookies.

    Five security issues with cookies -

    1. Cross-site request forgery attack (CSRF)

    It is an attack that forces authenticated users to submit a request to a web application against which they are currently authenticated.

    CSRF attacks exploits the trust web application has in an authenticated user.


    Top 5 Security issues with cookies



    Session Fixation

    If a website allows session IDs in the query parameters, an attacker can include a specific session ID in the URL.

    If they send that URL to a user and the user logs info the website using their legitimate credentials, the attacker can then take over that session and gain access to the user's account.



    Top 5 Security issues with cookies


    Cross-Site scripting (XSS)

    The attacker writes malicious code and post it to a trusted website. When the user visits the website, their browser is loads the content.

    It executes all the scripts and grants access to any session tokens, cookies, or other sensitive information including login details.

    Top 5 Security issues with cookies

    Cookies Tossing Attack

    Attackers create a fake subdomains cookies for a website and send it to a user. When the user visits that website.

    It'll pull the attackers fake cookies, then attackers will be able to take over the session and gain access to the user's account.

    Top 5 Security issues with cookies

    Cookies Capturing

    If a cookie is being used for authentication purposes should always be sent via secure SSL/TLS channels.

    If a website allows for cookies to be sent using cleartext, an attacker could potentially eavesdrop on network traffic to capture the unsecured cookie.

    Top 5 Security issues with cookies


    Cookies have made a significant contribution to making the web stateful, but they also add to the attack surface.

    They can be used by hackers to gain control of privileged functionalities perform SQL injections, session hijacking, and account takeover.


    We've been developing corporate tailored services for clients for 30 years.


    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.