
[Day 2] Elf HR Problems

{Web Exploitation = Cookie Manipulation}


McSkidy needs to check if any other employee elves have left/been affected by Grinch Industries attack, but the systems that hold the employee information have been hacked. Can you hack them back to determine if the other teams in the Best Festival Company have been affected?


Accessing the site reveals a login form as shown below.
I registered an account to get an idea of what's going on in the application.
After registering, the site announced that I didn't have permission to register for an account as shown below.
Taking a look at the cookies created by the site, we can see two values.
What is the name of the new cookie that was created for your account?
  • user-auth
Decoding the cookie with CyberChef reveals that hexadecimal encoding was used.
What encoding type was used for the cookie value?
  • hexadecimal
Decoding as hex, we are able to see the values in JSON format.
What object format is the data of the cookie stored in?
  • json
Now let's modify the username field to admin and re-encode it.
What is the value of the administrator cookie? (username = admin)
  • 7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d696e227d
Now let's replace the existing cookie value with the value we just re-encoded.
After hitting refresh, the admin page appears on screen.
What team environment is not responding?
  • HR
What team environment has a network warning?
  • Application
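
The cookie edit above works because hex encoding is reversible by anyone and the server accepts whatever comes back. The following is an added example, not code from the challenge application, showing that cookie scheme beside a hardened variant that appends an HMAC tag and rejects a modified payload; the function names, `SERVER_KEY`, the strict JSON payload and the sample account name `elf` are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed for this example: a signing key that stays on the server.
SERVER_KEY = secrets.token_bytes(32)

def issue_unsigned(claims):
    """Scheme seen in the write-up: hex-encoded JSON with no integrity check."""
    return json.dumps(claims, sort_keys=True).encode().hex()

def read_unsigned(cookie):
    """Trusts whatever the browser sends back."""
    return json.loads(bytes.fromhex(cookie))

def _tag(payload_hex, key):
    return hmac.new(key, payload_hex.encode(), hashlib.sha256).hexdigest()

def issue_signed(claims, key=SERVER_KEY):
    """Same payload, followed by an HMAC-SHA256 tag over it."""
    payload = issue_unsigned(claims)
    return payload + "." + _tag(payload, key)

def read_signed(cookie, key=SERVER_KEY):
    """Return the claims, or None if the cookie is malformed or was modified."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None
    try:
        # Constant-time tag check happens before the payload is parsed.
        if not hmac.compare_digest(_tag(payload, key).encode(), tag.encode()):
            return None
        return json.loads(bytes.fromhex(payload))
    except ValueError:
        return None

def client_side_edit(payload_hex, username):
    """What a browser user can do to the payload without knowing SERVER_KEY."""
    claims = json.loads(bytes.fromhex(payload_hex))
    claims["username"] = username
    return issue_unsigned(claims)

if __name__ == "__main__":
    elf = {"company": "The Best Festival Company", "isregistered": "True", "username": "elf"}
    print(read_unsigned(client_side_edit(issue_unsigned(elf), "admin")))  # accepted
    payload, tag = issue_signed(elf).split(".")
    print(read_signed(client_side_edit(payload, "admin") + "." + tag))  # rejected
```

Storing only an opaque session identifier in the cookie and looking up the username on the server removes the client-controlled field altogether.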