IT Security and Insecurity Portal

modifying a cookie

Posted: Fri Apr 28, 2006 8:45 am
brennusje
Beginner
Joined: Apr 28, 2006
Posts: 4

Hi,
I used a sql injection and found the aid and md5 hash of an admin account. Now I want to create a cookie to log in as that account. The problem is that the cookie is a bit more complicated than the one used in the guide. (It's a php-nuke website btw.)
I'm sure waraxe should be able to explain this cookie, since his own website makes the exact same cookies!
Here's an example:
lang
english
www.waraxe.us/
1024
1077309056
29854064
3459385152
29780638
*
phpbb2waraxe_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A4%3A%221921%22%3B%7D
www.waraxe.us/
1024
1007309056
29854064
3418135152
29780638
*
user
MTkyMTpicmVubnVzamU6Y2MwM2U3NDdhNmFmYmJjYmY4YmU3NjY4YWNmZWJlZTU6MTA6bmVzdGVkOjA6MDowOjA6OjQwOTY%3D
www.waraxe.us/
1024
3218353792
29786673
3459225152
29780638
*
The
are line breaks or something which notepad doesn't seem to understand. When opened in ultra edit etc it shows as line breaks.
When I decode the base64 part we get this:
1921:brennusje:cc03e747a6afbbcbf8be7668acfebee5:10:nested:0:0:0:0::4096
1921 = userid
brennusje = username
cc03e747a6afbbcbf8be7668acfebee5 = md5 hash
But what is all that stuff after it? Do I have to change it or just leave it alone?
And what about the first half of the cookie? I know I have to change the userid obviously, but what about all that stuff in front of and after autologinid? And the stuff after www.waraxe.us/ ?
Plz explain a bit more.

Posted: Fri Apr 28, 2006 11:08 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Posted: Fri Apr 28, 2006 11:34 am
brennusje
Beginner
Joined: Apr 28, 2006
Posts: 4

Hi,
Yeah I posted my own cookie, it's not like a super secret pass or anything
I've tried to edit the user cookie but I just can't seem to get it to work.
The site only makes 2 cookies:
lang
english
www.somesite.org/
1024
1577897728
29854082
3885223824
29780656
*
msa_resolution
1280x1024x16
www.somesite.org/
1088
3931871232
31079283
3888033824
29780656
*
user
MTExOnRlc3RhY2M6c29tZW1kNWhhc2g6MTA6OjA6MDowOjA6OjQwOTY%3D%3D
www.somesite.org/
1024
383975168
29786692
547436528
29780657
*
And
phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A3%3A%22111%22%3B%7D
somesite.org/
1024
4068028544
29854086
2086077344
29780661
*
Now it seems that I am just not getting something. I know the aid and md5 hash of the admin, but when I edit the cookies accordingly it doesn't work. (I get the index as if I was an unknown user and cookies get overwritten)

Posted: Fri Apr 28, 2006 12:01 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

What browser are you using? IE?

Posted: Fri Apr 28, 2006 12:40 pm
brennusje
Beginner
Joined: Apr 28, 2006
Posts: 4

Yeah I use IE. Should I try it with firefox/mozilla instead?
Anyways, I cracked the md5 hash so no need anymore
Thanks for the very informative site and quick replies. I'm amazed at how good you are at finding exploits, my compliments! (maybe phpnuke should hire you)

Posted: Fri Apr 28, 2006 2:21 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Thanks for good words!
And about IE and cookies - yep, beginning from IE 6 (if I remember right) there are some counter-tampering measures integrated into IE, so that simple manual txt file cookie editing is not working anymore.
But Firefox cookie file is not protected
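
The thread turns on a `user` cookie that carries the account's stored password hash, so anything that leaks the hash is as good as the password. The following is an added example, not code from the thread or from PHP-Nuke: it models that check next to a server-side session token design where nothing readable from the database is a valid cookie. The function and class names, the comparison logic and the sample account are assumptions and constructed values.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import quote, unquote

# Constructed sample data (not from the thread): a fake account and password hash.
DB_HASH = hashlib.md5(b"constructed-password").hexdigest()
SAMPLE_COOKIE = quote(base64.b64encode(
    f"42:alice:{DB_HASH}:10:nested:0:0:0:0::4096".encode()).decode(), safe="")


def parse_user_cookie(raw):
    """URL-decode, base64-decode and split the ':'-separated 'user' cookie."""
    fields = base64.b64decode(unquote(raw)).decode().split(":")
    if len(fields) < 3:
        raise ValueError("not a user cookie")
    # Only the first three field meanings are stated in the thread.
    return {"uid": fields[0], "username": fields[1],
            "pwd_hash": fields[2], "rest": fields[3:]}


def legacy_accepts(raw, stored_hash):
    """Assumed model of the weak check: cookie hash == stored password hash."""
    return hmac.compare_digest(parse_user_cookie(raw)["pwd_hash"], stored_hash)


class SessionStore:
    """Hardened form: the cookie is a random token; the server keeps only
    its SHA-256, so nothing readable from the database is a valid cookie."""

    def __init__(self):
        self._uid_by_digest = {}

    def issue(self, uid):
        token = secrets.token_urlsafe(32)
        self._uid_by_digest[hashlib.sha256(token.encode()).hexdigest()] = uid
        return token

    def validate(self, cookie_value):
        digest = hashlib.sha256(cookie_value.encode()).hexdigest()
        return self._uid_by_digest.get(digest)

    def stored_rows(self):
        """What a database read would expose: digests, never tokens."""
        return dict(self._uid_by_digest)
```

With the token design, changing the password or deleting the session row invalidates the cookie, and a dump of the session table yields only digests that the server hashes again before lookup.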
All times are GMT