Axino.net » cookies http://www.axino.net The other side of atom. Thu, 15 Jul 2010 12:45:00 +0000 en hourly 1 http://wordpress.org/?v=3.0 Basic web hacking 7 :: double login http://www.axino.net/tutorial/2009/11/basic-web-hacking-7-double-login http://www.axino.net/tutorial/2009/11/basic-web-hacking-7-double-login#comments Mon, 09 Nov 2009 23:58:03 +0000 Arxleol http://www.axino.net/?p=599 This one is much harder then previous missions especially because there are two logins and therefore looks like double trouble.

This is introduction to the first part of the mission:

This time Mr. Deitry decided to make a cookie login script and he said he decrypted it from ASCII encryption, and for you to login you need to encrypt it. And after you login there is another login but its a Login that uses SQL databases, but he thinks that the SQL login page is vulnerable to a simple SQL injection, and when he gets back from his vacation he would fix it.

Next I would like to point you to the site because encryption is from ascii to binary http://www.theskull.com/javascript/ascii-binary.html

Now let’s check cookies. You will find two cookies created by basic 7, username and password. Content of both is:

username: sam

password: jillisdead

Now let’s encode contents.

sam == 011100110110000101101101

jillisdead == 01101010011010010110110001101100011010010111001101100100011001010110000101100100

Now click to submit username. After you did this change values of the cookies. You will get to the following page http://www.hellboundhackers.org/challenges/basic7/check-cookie.php

Now after you have updated cookies, you just refresh page and you will see SQL login page. So now we need to use simple SQL injection,

‘ 1=1

And it works :D Similar Posts:

]]> http://www.axino.net/tutorial/2009/11/basic-web-hacking-7-double-login/feed 0 hackthissite.org basic 10 :: My cookie your cookie http://www.axino.net/hack/hack-this-site/2009/09/hackthissite-org-basic-10-my-cookie-your-cookie http://www.axino.net/hack/hack-this-site/2009/09/hackthissite-org-basic-10-my-cookie-your-cookie#comments Fri, 25 Sep 2009 20:59:28 +0000 Arxleol http://www.axino.net/?p=469 OK this one might be hard to get. But in the end it is really simple, the biggest problem is how to figure out what should you use.

If you tried several things from previous hackthissite.org missions you probably figured that nothing will work here. So you came here to find new approach. And here it is! If you haven’t figured out from the very name of this mission what you should do is use cookies.

Cookies are small  chunks of data saved on your computer by remote server you are accessing. You can read more on provided web site.

Also I suggest using following tools to complete this mission.

First one is Firebug, highly usable development tool for firefox. Second one is Firecookie this one is extension on Firefox extension. So you’ll have to install both plugins.

Now when you are ready open firebug tab named cookies and refresh page of 10th mission. When you’ve done that search for cookie named: level10_authorized when you find this cookie you may notice that value it contains is No, so just double click on cookie name and change value to Yes and continue with any password.

You should be now authorized :D Similar Posts:

]]> http://www.axino.net/hack/hack-this-site/2009/09/hackthissite-org-basic-10-my-cookie-your-cookie/feed 4