Waraxe IT Security Portal
Login or Register
November 16, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 83
Members: 0
Total: 83
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> General discussion -> modifying a cookie
Post new topicReply to topic View previous topic :: View next topic
modifying a cookie
PostPosted: Fri Apr 28, 2006 8:45 am Reply with quote
brennusje
Beginner
Beginner
Joined: Apr 28, 2006
Posts: 4




Hi,

I used a sql injection and found the aid and md5 hash of a admin acount. now i want to create a cookie to log in as that account. The problem is that the cookie is a bit more complicated then the one used in the guide. (its a php-nuke website btw).

i'm sure waraxe should be able to explain this cookie, since his own website makes the exact same cookies!

here's an example:

lang
english
www.waraxe.us/
1024
1077309056
29854064
3459385152
29780638
*
phpbb2waraxe_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A4%3A%221921%22%3B%7D
www.waraxe.us/
1024
1007309056
29854064
3418135152
29780638
*
user
MTkyMTpicmVubnVzamU6Y2MwM2U3NDdhNmFmYmJjYmY4YmU3NjY4YWNmZWJlZTU6MTA6bmVzdGVkOjA6MDowOjA6OjQwOTY%3D
www.waraxe.us/
1024
3218353792
29786673
3459225152
29780638
*

The
are line breaks or something which notepad doesnt seem to undewrstand. when openend in ultra edit etc it shows as line breaks.

When i decode the base64 part we get this:

1921:brennusje:cc03e747a6afbbcbf8be7668acfebee5:10:nested:0:0:0:0::4096

1921 = userid
brennusje = username
cc03e747a6afbbcbf8be7668acfebee5 = md5 hash

But what is all that stuff after it? do i have to change it or just leave it alone?
And what about the first half of the cookie? i know i have to change the userid obviously, but what about all that stuff in front of and after autologinid? and the stuff after www.waraxe.us/ ?

plz explain a bit more.
View user's profile Send private message
PostPosted: Fri Apr 28, 2006 11:08 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Only cookie you must have in order to hijack the account, is "user" cookie. Other cookies, like "phpbb2whatever" will be automagically created in later.

By the way, i hope, that your example md5 hash is not really yours, because:

http://www.google.com/search?hl=en&q=cc03e747a6afbbcbf8be7668acfebee5&btnG=Google+Search

Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Apr 28, 2006 11:34 am Reply with quote
brennusje
Beginner
Beginner
Joined: Apr 28, 2006
Posts: 4




Hi,

Yeah i posted my own cookie, it's not like a super secret pass or anything Smile

I've tried to edit the user cookie but i just cant seem to get it to work.

The site only makes 2 cookies:


lang
english
www.somesite.org/
1024
1577897728
29854082
3885223824
29780656
*
msa_resolution
1280x1024x16
www.somesite.org/
1088
3931871232
31079283
3888033824
29780656
*
user
MTExOnRlc3RhY2M6c29tZW1kNWhhc2g6MTA6OjA6MDowOjA6OjQwOTY%3D%3D
www.somesite.org/
1024
383975168
29786692
547436528
29780657
*


And


phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A3%3A%22111%22%3B%7D
somesite.org/
1024
4068028544
29854086
2086077344
29780661
*


Now it seems that i am just not getting something. I know the aid and md5 hash of the admin, but when i edit the cookies accordingly it doesnt work. (i get the index as if i was a unknown user and cookies get overritten)[/i]
View user's profile Send private message
PostPosted: Fri Apr 28, 2006 12:01 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




What browser you are using? IE?
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Apr 28, 2006 12:40 pm Reply with quote
brennusje
Beginner
Beginner
Joined: Apr 28, 2006
Posts: 4




Yeah i use IE. should i try it with firefox/mozilla instead?

Anyways, i cracked the md5 hash so no need anymore Smile

Thanks for the very informative site and quick replies. I'm amazed at how good you are at finding exploits, my compliments! (maybe phpnuke should hire you Smile )
View user's profile Send private message
PostPosted: Fri Apr 28, 2006 12:55 pm Reply with quote
brennusje
Beginner
Beginner
Joined: Apr 28, 2006
Posts: 4




Yeah i use IE. should i try it with firefox/mozilla instead?

Anyways, i cracked the md5 hash so no need anymore Smile

Thanks for the very informative site and quick replies. I'm amazed at how good you are at finding exploits, my compliments! (maybe phpnuke should hire you Smile )
View user's profile Send private message
PostPosted: Fri Apr 28, 2006 2:21 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Thanks for good words!
And about IE and cookies - yep, beginning from IE 6 (if i remember right) there is some counter-tampering measures integrated to IE, so that simple manual txt file cookie editing is not working anymore.
But Firefox cookie file is not protected Very Happy
View user's profile Send private message Send e-mail Visit poster's website
modifying a cookie
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.036 Seconds