TryThis0ne >> Challenges >> Web
we love cookies?
Viewers: :
Quick reply
Reply
New Topic
 
pitbull




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34




Send Email Top
Sent on: 26/09/2005, 00:59:19 Reply | Quote | Warn | Edit
the defult value of the cookie in this level is some strange string with many numbers, I tried to change the value of the cookie but it didn't work, I dont know what to put in!! How should i know what need to be in the cookie??
give me some hint plz..

tnx.

Avidor93




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65




Top
Sent on: 26/09/2005, 16:16:08 Reply | Quote | Warn | Edit
Yea i tried too but i don't do it .
i see in the cookie that there is a big number and smaller.
the smaller you can put in the form.
but this will be do the message : "your cookie not registred...".
so i tried to put in the cookie and replace in the big number (with cookie editor ofcurse) and to put the lil number in the form but after i click the button a strange message tell me : "Error in form ...".
i don't now what to do. help please cp!!!!

cp77fk4r
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621




Send Email Top
Sent on: 26/09/2005, 19:25:41 Reply | Quote | Warn | Edit
ho :) I'll give ya hint :

Try to look at the string in different eye! :)

pitbull




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34




Send Email Top
Sent on: 26/09/2005, 22:45:25 Reply | Quote | Warn | Edit
wtf??
i dont know what to do...
i tried to put the long string in the form but its to long.
i tried to change the value of to cookie to the phone number 1800-1337-1337
its also didnt work.
and i dont get something, if i dont change the value of the cookie i get a massege:
"The system appoint that your COOKIE is not register, please type the Phone Code again"
but if i change the value of the cookie [not matter to what..] i get this massege:
" Error in form, back to the Register page."

somebody can explain me plz..?
cp, plz.

cp77fk4r
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621




Send Email Top
Sent on: 26/09/2005, 22:57:15 Reply | Quote | Warn | Edit
"i tried to put the long string in the form but its to long.
i tried to change the value of to cookie to the phone number 1800-1337-1337" - Why do you did that?! threre is not common-sense in this act.

look, what the error what you get?
"The system appoint that your COOKIE is not register, please type the Phone Code again".

so, the number in the COOKIE appoint to the system what you are not register!

try to figure out what this string.

I gave you some hint, use it!

pitbull




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34




Send Email Top
Sent on: 26/09/2005, 23:07:10 Reply | Quote | Warn | Edit
ok,
can you explain me this massege:
"error in form, back to register page"
why I get this massege if I change the cookie to somthing else?

codingr
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 91




Top
Sent on: 27/09/2005, 00:36:58 Reply | Quote | Warn | Edit
you prabobly fucked the cookie up..

cp77fk4r
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621




Send Email Top
Sent on: 27/09/2005, 01:16:40 Reply | Quote | Warn | Edit
you need to Think before you do something, you dont think!

Avidor93




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65




Top
Sent on: 28/09/2005, 23:47:06 Reply | Quote | Warn | Edit
i cant do NOTHING!!!!!

SBD




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 49




Send Email Top
Sent on: 29/09/2005, 13:26:44 Reply | Quote | Warn | Edit
cp i finishes the level and i must say that the last part is very stupid =\ y i need to guss what u mean in ****

saintmeh




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 3




Send Email Top
Sent on: 30/03/2013, 06:45:26 Reply | Quote | Warn | Edit
I'm just thinking outloud here(so to speak)
I've now spent and embarrassing 3 hours on this "easy" challenge at my hackerspace. I have tried:
Changing the cookie by subtraction and addition.
This led to the discovery that there was an upper and lower range limit on the value of the cookie.
Deleting the cookie
This yielded the same error screen I got when I broke the bounds on our upper and lower range.
Considering this was an ID value which might match up to a currently registered account
Unfortunately bruteforcing is prohibitted and I'm afraid that the first method indicates that the number is likely sequencial.
Comparing it to long value versions of dates (nanoseconds from epoc)
This was highly unlikely.
All of this information might indicate some extremely foolish form of encryption... however, the number seems to be constant. The constant number may be a limitation of the challenge.

I am trying to take cp77fk4r's hints to mind. So I attempted to look at this through different eyes.... perhaps the developer's eyes. If I were using a number in a cookie to register a user... then I would want to generate a unique token using a encryption. But if I used any decent encryption... I probably wouldn't have sequencial values. So he might be using a foolishly home-rolled encryption. The number may also have several parts... but I haven't been able to spot any break which might indicate one part from another. Therefore, my next step is to try to figure out which cookie values are acceptable and which ones have errors... but again... I can't bruteforce. I'm very stuck. I've thought about this for a while.

saintmeh




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 3




Send Email Top
Sent on: 03/04/2013, 13:17:05 Reply | Quote | Warn | Edit
More public(and fruitless) research:
When I look at something as an encryption, I try to find patterns.
A really obvious pattern was all the ones.

I thought that maybe this wasn't so much a lame encyrption as it was an encoding...
Yeah.. The forums seem to back me up on that. I've never used the forums until now... so I didn't realize all of the resources available.

They hint towards ASCII. I tried 7 and 8 bit. Neither worked. I also considered that the developer just concatenated groups of three.

I'm fairly certain that the answer is 6 characters in length.

I'm getting tired.

I even considered ebcdic and unicodes... but the format was wrong for most of the characters.

I'll attack again Later. I'm amazed that someone from our 2600 group did most of this site in a month. This isn't as easy as many hack sites..

ArgonQ




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 18




Top
Sent on: 20/06/2013, 18:57:30 Reply | Quote | Warn | Edit
@saintmeh
Get a good ascii table ;)

All the times are GMT+2, ISRAEL
TryThis0ne >> Challenges >> Web

Quick reply
Reply
New Topic


Page generated using: 12 queries
Design by SBD © GeHeNoM.Net | Powered By Tera-Byte Forums 1.5 © JonJon & HLL
ý