Dashboard Articles Playground Discussions More
Follow

Now what?

SecureUs

salem987
2 years ago

0

Hello!

I am stuck with the secureus level. I have >> successfully injected some code to retrieve the admin cookie . The code works fine >> since I receive my own cookie in the server but I am not receiving the one from the admin. Should I just keep waiting? Or am I doing something wrong?

10replies
6voices
561views
mortfeus
2 years ago

1

Yes there is a problem on the level. We all waiting @flabbyrabbit to resolv it.

 

Is this real ?Morpheus

Luke [flabbyrabbit]
2 years ago

5

… 16 months later …

This should be fixed now. Go to: https://defendtheweb.net/extras/playground/secure-us/contact.php?view=1 or submit a new message to kick off the process ??

 

Image

Reply has been removed
mortfeus
2 years ago | edited 2 years ago

0

@flabbyrabbit YES finally i got what i wanted, i change the value but when it seem to be completed it say “Level not found”. Maybe there is some Hackthis URL in the level.

 

Is this real ?Morpheus

Luke [flabbyrabbit]
2 years ago

0

Woop, progress. The link that redirected you back to the level was wrong. I’ve updated now if you can give it another try ??

 

Image

mortfeus
2 years ago

0

Wait, can I PM you ?

 

Is this real ?Morpheus

Alexander Myasnikov [amyasnikov]
3 weeks ago | edited 3 weeks ago

0

I have the same problem.
I only receive my cookies but not the admin cookies.
Can you tell me if the problem is that the site is not working properly, or if I am on the wrong track…

I can send my decision in PM for review.

🐉 [Cheerfulbull]
3 weeks ago | reply to #91977

0

Thatis strange, I completed the challenge a few months ago. Are you perhaps using something obvious, like a visible redirect?

 

Roses are red,
Violets are blue,
AES(level) is bad
And I might be too

Alexander Myasnikov [amyasnikov]
3 weeks ago | edited 3 weeks ago

0

My attempts.

I wrote an [spoil]
Then when I open contact.php in a browser, it creates an http request of the form webhook.site/<uuid>?cookies=<cookies_in_base64> via tag <script>.

I expect the admin to open this page the same way and I get his cookies. Then by swapping the cookies I can login in as admin

[spoil]

🐉 [Cheerfulbull]
3 weeks ago

0

PM me. I think you’re on the right track, and at this rate we’re going to spoil the challenge for others.

 

Roses are red,
Violets are blue,
AES(level) is bad
And I might be too

thecyphervault
2 weeks ago

0

I think this level did something stupid for me, like putting my cookie session’s token and the one I am stealing within the same cookie. If you have done all of that the challenge should be finished.

You must be logged in to reply to this discussion. Login
1 of 11

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss