This a new hacking challenge series by Try Hack Me website. This challenge is continue till December 31. They will upload single challenge every single day till the Dec 25. if you complete all the challenges you will get a certificate form try hack me website and can get some prices from their ruffle program.
these are some of the gift you gonna get if you win the ruffle more details
Today I am going to do the first challenge
Now in here we need to log in to the system to do that we need to register to the system first
when we login to the web site using created account this is how its look like
What is the name of the cookie used for authentication?
When you go through the reading material you can see they mention where the cookie details are stored now lets see what is inside that
You can see the name of the cookie is auth
In what format is the value of this cookie encoded?
Now they are telling us to find the format of the auth value
This is the value of the that auth so if you inspect it well you can see it has characters 0 to 9 and A to E so its look likes hexadecimal answer is hexadecimal
Having decoded the cookie, what format is the data stored in?
you can see the format is JSON
Figure out how to bypass the authentication. What is the value of Santa’s cookie?
So you can see after we decode it to ascii username equal to the value that I created call iambat. If we can change that username to santa to we can get the cookie value for that.
So now I change it to the Santa in here and got hexadecimal value
now I have pasted the new value to cookie.
After I refresh the page you can see that all the button are open which mean I have access to Santa's account
Now that you are the Santa user, you can re-activate the assembly line! What is the flag you’re given when the line is fully active?
To get the flag you need to complete it like that.