Advent Of Cyber 2 Try Hack Me [Day 1] A Christmas Crisis

mohomed arfath
Dec 7, 2020

This is a new hacking challenge series by the Try Hack Me website. The challenge continues until December 31. They will upload a single challenge every day until Dec 25. If you complete all the challenges, you will get a certificate from the Try Hack Me website and can get some prizes from their raffle program.

These are some of the gifts you can get if you win the raffle.

Today I am going to do the first challenge.

Here we need to log in to the system; to do that, we first need to register.

When we log in to the website using the created account, this is how it looks.

What is the name of the cookie used for authentication?

When you go through the reading material, you can see they mention where the cookie details are stored. Now let's see what is inside.

You can see the name of the cookie is auth.

In what format is the value of this cookie encoded?

Now they are telling us to find the format of the auth value.

This is the value of that auth cookie. If you inspect it closely, you can see it has the characters 0 to 9 and A to E, so it looks like hexadecimal. The answer is hexadecimal.

Having decoded the cookie, what format is the data stored in?

You can see the format is JSON.

Figure out how to bypass the authentication. What is the value of Santa’s cookie?

So you can see that after we decode it to ASCII, the username is equal to the value that I created, called iambat. If we change that username to santa, we can get the cookie value for that account.

So now I changed it to santa here and got the hexadecimal value.

Now I have pasted the new value into the cookie.
values="7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79222c2022757365726e616d65223a2269616d626174227d"

After I refresh the page, you can see that all the buttons are open, which means I have access to Santa's account.
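Why the edited cookie is accepted, and what a server-side integrity check changes, shown as an added example (not code from the challenge or from this write-up). The server key and the `payload.tag` cookie layout are assumptions made for the illustration; the hex string is the value quoted above.

```python
import hashlib
import hmac
import json

# Cookie value quoted in the write-up: hex-encoded JSON, no integrity protection.
PAGE_COOKIE = (
    "7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79"
    "222c2022757365726e616d65223a2269616d626174227d"
)
SERVER_KEY = b"constructed-demo-key"  # assumption: a secret held only by the server


def decode_unsigned(cookie):
    """Trust the hex-decoded JSON as-is, which is why an edited username is accepted."""
    return json.loads(bytes.fromhex(cookie))


def _tag(payload_hex):
    return hmac.new(SERVER_KEY, payload_hex.encode(), hashlib.sha256).hexdigest()


def issue_signed(claims):
    """Hypothetical hardened cookie: '<hex payload>.<HMAC-SHA256 tag>'."""
    payload_hex = json.dumps(claims).encode().hex()
    return payload_hex + "." + _tag(payload_hex)


def verify_signed(cookie):
    """Return the claims only when the tag matches the payload, else None."""
    payload_hex, sep, tag = cookie.rpartition(".")
    if not sep or not hmac.compare_digest(_tag(payload_hex).encode(), tag.encode()):
        return None
    try:
        return json.loads(bytes.fromhex(payload_hex))
    except ValueError:
        return None


def edit_username(cookie, name):
    """Client-side edit as in the write-up: change the username, keep any old tag."""
    payload_hex, sep, tag = cookie.rpartition(".") if "." in cookie else (cookie, "", "")
    claims = json.loads(bytes.fromhex(payload_hex))
    claims["username"] = name
    return json.dumps(claims).encode().hex() + sep + tag


if __name__ == "__main__":
    signed = issue_signed(decode_unsigned(PAGE_COOKIE))
    print(decode_unsigned(edit_username(PAGE_COOKIE, "santa")))  # accepted as-is
    print(verify_signed(edit_username(signed, "santa")))  # None: tag mismatch
```

With the tag in place, a cookie whose username was changed in the browser no longer verifies, so the server can reject it instead of trusting the decoded JSON.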

Now that you are the Santa user, you can re-activate the assembly line! What is the flag you’re given when the line is fully active?

To get the flag you need to complete it like that.
