TryHackMe: Advent of Cyber - Day 2 - Elf HR Problems
This is a write-up for the Day 2 - Elf HR Problems challenge in the Advent of Cyber room on TryHackMe. Some tasks may have been omitted as they do not require an answer.
What is the name of the new cookie that was created for your account?
Attempt to create a new account. You will see an “error” message.
Looking at the browser cookies, you will see the user-auth object.
Answer: user-auth
What encoding type was used for the cookie value?
Putting the cookie value into CyberChef shows that the content is hex-encoded.
Answer: Hexadecimal
What object format is the data of the cookie stored in?
The data is stored as JSON.
{company: "The Best Festival Company", isregistered:"True", username:"test"}
Answer: JSON
What is the value of the administrator cookie? (username = admin)
Reverse the recipe in CyberChef and change the username to “admin”.
Answer: 7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d696e227d
What team environment is not responding?
Update the cookie in developer tools and refresh the page.
Answer: HR
What team environment has a network warning?
Answer: Application
Recap
In this task we learnt how to:
- Decode cookies and manipulate them
- Bypass authentication
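
The bypass works because the cookie is only hex-encoded, so the server accepts whatever the browser sends back. The sketch below is an added example, not code from the room or from TryHackMe: it reproduces the hex scheme and puts a signed variant beside it that rejects an edited value. The HMAC-SHA256 tag, the `body.tag` layout, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed key for this example; a real service loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
# Decoded cookie content as shown in the write-up (username "test").
PAYLOAD = '{company: "The Best Festival Company", isregistered:"True", username:"test"}'

def encode_cookie(payload: str) -> str:
    """The room's scheme: the cookie value is only the hex of the payload."""
    return payload.encode().hex()

def decode_cookie(value: str) -> str:
    return bytes.fromhex(value).decode()

def _tag(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def sign_cookie(payload: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: hex body plus an HMAC-SHA256 tag the client cannot compute."""
    body = encode_cookie(payload)
    return f"{body}.{_tag(body, key)}"

def verify_cookie(value: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the payload if the tag matches, None for edited or malformed input."""
    body, sep, tag = value.partition(".")
    if not sep:
        return None  # unsigned value: never trusted
    if not hmac.compare_digest(_tag(body, key).encode(), tag.encode()):
        return None  # body or tag was changed after issue
    try:
        return decode_cookie(body)
    except ValueError:  # covers bad hex and bad UTF-8
        return None

def demo():
    issued = sign_cookie(PAYLOAD)
    old_tag = issued.split(".")[1]
    edited = encode_cookie(PAYLOAD.replace('"test"', '"admin"'))
    # Outcomes: untouched cookie, edited body with the old tag, edited body alone.
    return (verify_cookie(issued), verify_cookie(f"{edited}.{old_tag}"),
            verify_cookie(edited))

if __name__ == "__main__":
    print(demo())
```

Signing only makes tampering detectable. Keeping the username and role in a server-side session, with the cookie holding just a random session ID, removes the client-controlled field altogether.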