Day 2 of the Advent of Cyber challenge! In what seems to be a running theme of web exploitation, today’s topic is Authentication Bypass, in this instance setting the value of vulnerable cookies and setting a new user. Hopping right into the room, you get a glorious wall of text explaining how a web server and client talk to each other, where cookies come into that conversation, and what the different components of cookies are and how to manipulate them.
Then they throw you in the water to see if you sink or swim. Let’s get swimming! Upon opening the link to the vulnerable site THM provides, I open what I’ve been informed are now referred to as the “Developer tools”, still by slapping F12, and, taking the lead from day 1, register an account at the site. Oh no! I don’t have permission to register. Sad. But what’s this? A cookie?! For me??!!!!!
I take a look at this cookie and the value on it looks like some weak encoding. From my experience it’s looking a lot like hexadecimal, so I copy the value, head on over to CyberChef, dump the value in the box and select the “From Hex” recipe. Slap on that “Bake” button and watch the magic!
Hey now! That’s some JSON hidden by some really bad encryption. If you can even call it that! The THM task says I am to gain access to the admin page, so I take the username variable and change it from my name to “admin”. After that I copy the JSON string with the changed variable, clear out the chef screen, input the altered string and this time choose “To Hex” as the recipe and let her fly!
Grab the resulting hexadecimal string and head back over to the THM site we were playing with earlier. Edit the value in the cookie to the new hex string we have, reload the page and BAM!!!!
All the admin access we need to answer the rest of the questions in the room! Of course there is a room that gives you a deeper dive into Authentication Bypass vulnerabilities, mostly using the ffuf tool to fuzz out usernames to see what values we want to use in our cookies. I expect the longer this challenge goes on, the harder the challenges will get. I saw a sneak peek at the advent room full list and there’s a lot of cool exploits and techniques to learn about coming up, and I can’t wait!
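Why the cookie edit above works, and what stops it, as an added example that is not part of the room or the original post: hex is an encoding with no integrity check, so the server cannot tell a cookie it issued from one the client rewrote. The cookie layout, the sample `username` value, the key handling and all function names here are assumptions; the hardened version appends an HMAC tag.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Assumption: a server-only secret. Generated per run here; a real app loads it from config.
SECRET_KEY = secrets.token_bytes(32)


def encode_weak(session: dict) -> str:
    """Cookie format the post describes: JSON text, hex-encoded, nothing else."""
    return json.dumps(session, sort_keys=True).encode().hex()


def decode_weak(cookie: str) -> dict:
    """Trusts whatever the client sends back."""
    return json.loads(bytes.fromhex(cookie))


def _tag(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def encode_signed(session: dict) -> str:
    """Same hex payload plus an HMAC-SHA256 tag only the server can compute."""
    payload = encode_weak(session)
    return f"{payload}.{_tag(payload)}"


def decode_signed(cookie: str) -> Optional[dict]:
    """Returns the session only if the tag verifies; None for any modified cookie."""
    payload, sep, tag = cookie.partition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    return json.loads(bytes.fromhex(payload))


def tamper(cookie: str, username: str) -> str:
    """The client-side edit from the post: decode hex, change username, re-encode."""
    payload, sep, tag = cookie.partition(".")
    session = json.loads(bytes.fromhex(payload))
    session["username"] = username
    return encode_weak(session) + sep + tag


if __name__ == "__main__":
    user = {"username": "guest"}  # constructed sample session
    print(decode_weak(tamper(encode_weak(user), "admin")))      # accepted as admin
    print(decode_signed(tamper(encode_signed(user), "admin")))  # rejected: tag mismatch
    print(decode_signed(encode_signed(user)))                   # untouched cookie still valid
```

Signing gives integrity, not confidentiality: the client can still read the payload, it just cannot change it without the server noticing.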
Cheers everyone and happy hacking security testing!!