Welcome to my walkthrough series for TryHackMe’s Advent of Cyber 2 room.
Let’s Nmap our target to discover open ports.
nmap -p- -sV -T4 --reason 10.10.37.154
Since we know port 80 is open, let’s open our target in our web browser.
Looks like we have a login page. Let’s register an account using the username hackerman and the password elffs.
Now we can log in to the Christmas Control Centre. Let’s see if we can view our cookie by doing the following:
Right-click and select Inspect Element (Q).
A cookie is a value sent in an HTTP header that a website uses to verify someone once they log in. Without this cookie, you would have to log in on every single page you visited on a website, so a cookie follows us around as we view a website.
Now click on the Storage tab, and under Cookies you can see http://10.10.37.154. When you click on that, you can see an auth cookie with a random-looking value.
Here we can answer the first question about the name of the cookie, which is auth.
Let’s see if we can take the cookie value and decode it. We can use Burp Suite for this; other tools will work as well. Open Burp Suite and go to the Decoder tab.
Put in the value of the cookie, choose Decode as..., and select ASCII hex.
7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79222c2022757365726e616d65223a226861636b65726d616e227d
The cookie decodes as {"company":"The Best Festival Company", "username":"hackerman"}
This is JSON format, so maybe we can change the username and get a cookie.
If we just change the username to santa and encode it as ASCII hex, we can get a cookie.
A lot of websites use the hexadecimal format to encode their cookies, which is the answer to the 2nd question.
Lots of data can be stored in JSON format. One way to recognise it is to look for the curly brackets and for pairs of data like "company":"The Best Festival Company". The format of the cookie is the answer to the 3rd question.
Since we have created a cookie for Santa, maybe we can just replace the value in the browser’s storage.
Paste Santa’s cookie into the data storage. Right-click on the web page and select Inspect Element. Click on the Storage tab and paste the value of Santa’s cookie in the Value column.
7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79222c2022757365726e616d65223a22656c666673227d
Now that we have put Santa’s cookie in our browser, refresh the page.
Now that you are the Santa user, you can re-activate the assembly line! Once everything is active we get the flag.
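Why this worked, and how a site would stop it, as an added example that is not part of the room or the original walkthrough: the auth cookie is only hex-encoded JSON, so nothing ties its contents to the server. The sketch below decodes the cookie from this page and then shows a signed variant that rejects edited values; the secret key and the function names are assumptions made up for the example.

```python
import hashlib
import hmac
import json

# Cookie value for the hackerman account, copied from the walkthrough above.
PAGE_COOKIE = (
    "7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79"
    "222c2022757365726e616d65223a226861636b65726d616e227d"
)
# Assumption: a server-side secret, constructed for this example only.
SECRET = b"constructed-key-for-this-example"


def decode_cookie(hex_value):
    """Decode the room's format: ASCII hex wrapped around a JSON object."""
    return json.loads(bytes.fromhex(hex_value).decode("ascii"))


def encode_cookie(fields):
    """Encoding is reversible by anyone, so it gives no integrity."""
    return json.dumps(fields).encode("ascii").hex()


def _tag(payload, key):
    return hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()


def sign_cookie(fields, key=SECRET):
    """Hardened form: payload plus an HMAC-SHA256 tag only the server can make."""
    payload = encode_cookie(fields)
    return payload + "." + _tag(payload, key)


def verify_cookie(value, key=SECRET):
    """Return the fields if the tag matches, otherwise None."""
    payload, sep, tag = value.rpartition(".")
    if not sep or not payload.isascii():
        return None  # unsigned or malformed cookie
    if not hmac.compare_digest(tag.encode(), _tag(payload, key).encode()):
        return None  # payload was edited after signing
    try:
        return decode_cookie(payload)
    except ValueError:
        return None


if __name__ == "__main__":
    fields = decode_cookie(PAGE_COOKIE)
    print("decoded:", fields)
    signed = sign_cookie(fields)
    edited = encode_cookie({**fields, "username": "santa"})
    print("signed cookie accepted:", verify_cookie(signed) is not None)
    print("edited payload, old tag:", verify_cookie(edited + "." + signed.rpartition(".")[2]))
```

A random server-side session ID that maps to the user record achieves the same goal without putting the username in the cookie at all.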
Thanks for following along with our first challenge. Check out the rest of the blog for other challenges.