Cookies


Last updated 2 years ago

  • During RCE of the main page, I decided to cat the "/denied.php" page to see what I got.

    • I found a snippet of code at the top that is supposed to verify the session login to allow access to the page.

  • It looks like it is just a piece that verifies whether I am logged in or not.

  • I next captured a packet with Burp Suite when checking one of the other tabs.

  • Looks like it comes with a unique session ID. I decided to capture the response back as well.

    • Nothing of note here. Just the same source code as when viewing the page.

  • I decided to log out and back in to see if the session ID changes. I'm also going to grab all the packets with Burp Suite.

    • There is a third parameter there called "sub" that is interesting. Changing it does nothing, though.

  • I captured the response packet as well.

  • I'm going to try changing my session ID. Nothing of note changes when I try 0 and 1.