Story
McSkidy needs to check if any other employee elves have left/been
affected by Grinch Industries attack, but the systems that hold the employee
information have been hacked. Can you hack them back to determine if the other
teams in the Best Festival Company have been affected?
Learning Objectives of Day 2:
- Understanding the underlying technology of web servers and how the web communicates.
- Understand what cookies are and their purpose.
- Learn how to manipulate and manage cookies for malicious use.
Let us understand the concepts targeted for today first!
HTTP(S)
he HTTP protocol is a client-server
protocol to provide communication between a client and a webserver. HTTP
requests are similar to a standard TCP network request; however, HTTP adds
specific headers to the request to identify the protocol and other
information.
When an HTTP request is crafted, the method and target
header will always be included. The target header will specify what to
retrieve from the server, and the method header will specify how.
When
retrieving information from a web server, it is common to use the GET method,
such as loading a picture.
When sending data to a web server, it is
common to use the POST method, such as sending login information.
Example Request
GET / HTTP/1.1 Host: tryhackme.com User-Agent: Mozilla/5.0 Firefox/87.0 Referer: https://tryhackme.com/
Example Response
HTTP/1.1 200 OK Server: nginx/1.15.8 Date: Wednesday, 24 Nov 2021 13:34:03 GMT Content-Type: text/html Content-Length: 98
Cookies
Cookies are tiny pieces of data (metadata) or information
locally stored on your computer that are sent to the server when you make a
request.
Cookies can be assigned any name and any value
allowing the webserver to store any information it wants. Today we will be
focusing on authentication cookies, also known as session cookies.
Authentication or session cookies are used to identify you and what access
level is attached to your session.
Cookie Manipulation
Cookie manipulation is taking a cookie and modifying it to obtain
unintended behavior determined by the web developer. Cookie manipulation is
possible because cookies are stored locally on your host system, meaning you
have complete control over them and modify them as you please.
To
begin modifying and manipulating cookies, we need to open our developer tools.
In Google Chrome, developer tools are known as the “Chrome Developer Tools,”
and in Mozilla Firefox, they are known as the “Firefox Developer Tools.”
Developer
tools can be accessed by pressing F12 or Ctrl+Shift+I. Once developer tools
are open, to access your cookies, navigate to the Storage tab in Firefox or
Application tab in Chrome/Edge; select the Cookies dropdown on the left-hand
side of the console.
Now that we understand these basic terms and
concepts! Lets Enumerate!!
Q1. What is the name of the new cookie that was created for your account?
Once you open the website from the given link, you have to register an
account.
Advent of Cyber
Welcome To Advent of Cyber!
Then open the developer options and check for the cookie and find out the cookie name
Answer: user-auth
Q2. What encoding type was used for the cookie value?
If you
notice the value of the cookie that was generated,it is alphanumeric with more
of numbers and less of alphabets.
Mostly all these alphabets are between “a” and “f” and we know
only kind of encoding that is this way which is
Answer: Hexadeciaml
Q3. What object format is the data of the cookie stored in?
We can
see that the value of the cookie is encoded so we need to go and get the value
decoded.
We can do this by going onto
CyberChef
and inputting our cookie value. We convert it from hex so we get our output
From the image we can clearly see that the data is stored in key-value
pairs and that is why it is called
Answer: JSON
Now we need to manipulate the cookie to get Admin access!!
Now copy
the json output and set it as the input for this conversion in CyberChef tool.
Select the option of “ To Hex” and set the delimiter as none so as to avoid
all the spaces that come with it.
Once we do that, we have the value of the same json with user as “admin”
Q4.
What is the value of the administrator cookie? (username = admin)
Ans
:-
7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d696e227d
You can also decode this hex value via terminal through this command
echo " 7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d696e227d" | xxd -r -p
We have the value of the admin login cookie, so we go back to our page and
edit the value of the cookie into this new value for admin login.
and
Voila!!
We are now Admin!!
Q5. What team environment is not responding?
Ans
:- HR
Q6. What team environment has a network warning?
Ans :- Application
All answer done :-)
Disclaimer
All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.
