Waraxe IT Security Portal  
modifying a cookie
Posted: Fri Apr 28, 2006 8:45 am
brennusje

Hi,

I used a SQL injection and found the aid and MD5 hash of an admin account. Now I want to create a cookie to log in as that account. The problem is that the cookie is a bit more complicated than the one used in the guide. (It's a PHP-Nuke website, btw.)

I'm sure waraxe should be able to explain this cookie, since his own website makes the exact same cookies!

Here's an example:

lang
english
www.waraxe.us/
1024
1077309056
29854064
3459385152
29780638
*
phpbb2waraxe_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A4%3A%221921%22%3B%7D
www.waraxe.us/
1024
1007309056
29854064
3418135152
29780638
*
user
MTkyMTpicmVubnVzamU6Y2MwM2U3NDdhNmFmYmJjYmY4YmU3NjY4YWNmZWJlZTU6MTA6bmVzdGVkOjA6MDowOjA6OjQwOTY%3D
www.waraxe.us/
1024
3218353792
29786673
3459225152
29780638
*

The
are line breaks or something which Notepad doesn't seem to understand. When opened in UltraEdit etc. it shows as line breaks.

When I decode the base64 part we get this:

1921:brennusje:cc03e747a6afbbcbf8be7668acfebee5:10:nested:0:0:0:0::4096

1921 = userid
brennusje = username
cc03e747a6afbbcbf8be7668acfebee5 = md5 hash

But what is all that stuff after it? Do I have to change it or just leave it alone?
And what about the first half of the cookie? I know I have to change the userid obviously, but what about all that stuff in front of and after autologinid? And the stuff after www.waraxe.us/ ?

Plz explain a bit more.
Posted: Fri Apr 28, 2006 11:08 am
waraxe

The only cookie you must have in order to hijack the account is the "user" cookie. Other cookies, like "phpbb2whatever", will be automagically created later.

By the way, I hope that your example MD5 hash is not really yours, because:

http://www.google.com/search?hl=en&q=cc03e747a6afbbcbf8be7668acfebee5&btnG=Google+Search

:)
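
The two cookie values from the first post, decoded, as an added example that is not part of the thread or of PHP-Nuke's own code. It shows that the "user" cookie carries the account's MD5 password hash in the clear, so the stored hash is itself credential material; the field names after the hash are assumed labels, since the thread names only the first three.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# The thread names the first three fields; the other names are assumed labels
# (PHP-Nuke display preferences) and are not confirmed by the page.
NUKE_FIELDS = ["userid", "username", "md5_hash", "storynum", "umode", "uorder",
               "thold", "noscore", "ublockon", "theme", "commentmax"]
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")
PHP_STR = re.compile(r's:\d+:"(.*?)";')

# Cookie values quoted from the first post of the thread.
USER_COOKIE = ("MTkyMTpicmVubnVzamU6Y2MwM2U3NDdhNmFmYmJjYmY4YmU3NjY4YWNm"
               "ZWJlZTU6MTA6bmVzdGVkOjA6MDowOjA6OjQwOTY%3D")
PHPBB_COOKIE = ("a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3B"
                "s%3A6%3A%22userid%22%3Bs%3A4%3A%221921%22%3B%7D")


def decode_user_cookie(raw):
    """URL-decode, base64-decode and split a PHP-Nuke style "user" cookie."""
    try:
        text = base64.b64decode(unquote(raw), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"not a base64 user cookie: {exc}") from None
    parts = text.split(":")
    # Label known positions; any extra fields are kept under their index.
    names = NUKE_FIELDS + [f"field{i}" for i in range(len(NUKE_FIELDS), len(parts))]
    return dict(zip(names, parts))


def decode_phpbb_cookie(raw):
    """Decode a URL-encoded PHP-serialized array of string pairs (strings only)."""
    items = PHP_STR.findall(unquote(raw))
    return dict(zip(items[0::2], items[1::2]))


def audit(fields):
    """Return the names of fields whose value looks like an MD5 hash."""
    return [name for name, value in fields.items() if MD5_HEX.fullmatch(value)]


if __name__ == "__main__":
    user = decode_user_cookie(USER_COOKIE)
    forum = decode_phpbb_cookie(PHPBB_COOKIE)
    for name in audit(user):
        print(f'"user" cookie field {name!r} exposes a password hash: {user[name]}')
    print("forum cookie:", forum, "| hash-like fields:", audit(forum))
    print("same account in both cookies:", user["userid"] == forum["userid"])
```
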
Posted: Fri Apr 28, 2006 11:34 am
brennusje

Hi,

Yeah, I posted my own cookie; it's not like a super secret pass or anything :)

I've tried to edit the user cookie but I just can't seem to get it to work.

The site only makes 2 cookies:


lang
english
www.somesite.org/
1024
1577897728
29854082
3885223824
29780656
*
msa_resolution
1280x1024x16
www.somesite.org/
1088
3931871232
31079283
3888033824
29780656
*
user
MTExOnRlc3RhY2M6c29tZW1kNWhhc2g6MTA6OjA6MDowOjA6OjQwOTY%3D%3D
www.somesite.org/
1024
383975168
29786692
547436528
29780657
*


And


phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A3%3A%22111%22%3B%7D
somesite.org/
1024
4068028544
29854086
2086077344
29780661
*


Now it seems that I am just not getting something. I know the aid and MD5 hash of the admin, but when I edit the cookies accordingly it doesn't work. (I get the index as if I was an unknown user and cookies get overwritten.)
Posted: Fri Apr 28, 2006 12:01 pm
waraxe

What browser are you using? IE?
Posted: Fri Apr 28, 2006 12:40 pm
brennusje

Yeah, I use IE. Should I try it with Firefox/Mozilla instead?

Anyways, I cracked the MD5 hash so no need anymore :)

Thanks for the very informative site and quick replies. I'm amazed at how good you are at finding exploits, my compliments! (Maybe PHP-Nuke should hire you :) )
Posted: Fri Apr 28, 2006 2:21 pm
waraxe

Thanks for the good words!
And about IE and cookies: yep, beginning with IE 6 (if I remember right) there are some counter-tampering measures integrated into IE, so that simple manual txt file cookie editing doesn't work anymore.
But the Firefox cookie file is not protected :D
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"