LinkedInGitHub

Attacking Session Tokens

Obtain administrative access on the target to obtain the flag.

Step 1 - Decode the value of the parameter session:

  • Login into the application

  • Get the session id:

  • Use DenCode to detect the type of encoding

  • You can confirm with the following command:

Step 2 - Modify the role:

  • Change the role to admin:

    • user=htb-stdnt;role=user

  • Encode it:

Step 3 - Change the session id of the Request and get the flag:

  • Modify the session id

  • Resend the Request

  • Search for the flag on the Response:

PreviousAuthentication Bypass via Parameter ModificationNextSkills Assessment

Last updated