TryHackMe — Advent of Cyber 2 — Intro and Day 1
Someone in a Slack channel had posted a flyer for this advent of cyber. As I’m getting back into the game, I figured it would be a opportunity for learning some of the basics again. They tout on their site, it will be designed for beginner challenges, I’m sure with a little more advanced stuff at some point.
“
Get started with Cyber Security in 25 days, by learning the basics and completing a new, beginner friendly security exercise every day leading up until Christmas; an advent calendar but with security challenges and not chocolate.
“
While the internet here isn’t that great, I couldn’t get the attack box to work, with it’s 20 second clicking delay, it just wasn’t doable. Loaded up the Kali VM that I’ve been using and downloaded the connection pack. Connected the OpenVpn and I was in business and could reach their site without any issues.
Day 1 — A Christmas Crisis
Ok, the first question asks: What is the name of the cookie used for authentication?
This should be easy enough, lets get logged in and take a look. We are greeted with a username/password login once we reach the site, this also offers the option to register. We can built an account using 3lduderino:abides.
Once we log in with those credentials we can see a status window of Santa’s workshop controls.
Anyhow lets get on with it, here is the cookie we are presented with:
So we can answer Question 1 — name of the cookie is ‘auth’
Onto question 2: In what format is the value of this cookie encoded?
So, we can take a quick look at my string:
7b22636f6d70616e79223a22546865204265737420466573746976616c20436f6d70616e79222c2022757365726e616d65223a22336c6475646572696e6f227dWe only see numbers and letters from ‘0’ to ‘f’, probably Hexadecimal.
Let’s throw this into the good ole’ Cyber Chef and see what happens with the ‘From Hex’ option.
We can clearly read what the cookie values are now, that answers question 2.
Question 3: Having decoded the cookie, what format is the data stored in?
Feel free to browse this: https://www.w3schools.com/js/js_json_intro.asp
But we can see that the it is JSON format, we can put question 3 in the books now.
Question 4: What is the value of Santa’s cookie?
For this, again we will use Cyber Chef but reverse the process and change some values.
From: {"company":"The Best Festival Company", "username":"3lduderino"}
To: {"company":"The Best Festival Company", "username":"santa"}Now we can change our options in Cyber Chef ‘To Hex’ and set the delimiter to ‘None’
That Hex value will answer question 4 for us.
Question 5: What is the flag you’re given when the line is fully active?
Let’s change the value in our ‘auth’ cookie to the new Santa value and refresh the page and see what changes.
We now have the controls to turn various parts of Santa’s workshop and get it working. Once you enable all of the Controls, you will see a flag for this. I’ll save that part for you to figure out
Until next time,
-3lduderino
