Haxxerenr
Posts posted by Haxxerenr
Really? Nobody who can help me?
I'm trying to complete the OWASP Security Shepherd challenges and I'm a bit stuck on the Broken Authentication and Session Management Challenge.
The challenge reads: Only administrators of the following sub-application can retrieve the result key. Followed by a button labeled: Administrator only button
I fired up Burp Suite and intercepted the following request after clicking the button:
Raw Request:
Cookie: checksum=dXNlclJvbGU9dXNlcg==; JSESSIONID=0275B60FDA258993848E7AF93338D41F; JSESSIONID3="uDnES4i8arE6wd4WAPlU2Q=="; JSESSIONID=4AA028C117D5CC869A83B9A516389A58; _ga=GA1.2.1467780212.1413196735; token=82434034476359385297251271889074344991; JSESSIONID3=""

adminDetected=false&returnPassword=false&upgradeUserToAdmin=false
I noticed the checksum was base64 encoded and reads userRole=user, so I changed it to userRole=admin, base64-encoded the string and changed the checksum value.
Of course I have tried various true and false combinations in the body. Can someone give me a tip / point me in the right direction?
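An added example (not from the poster or from Security Shepherd) showing the defender-side point behind this challenge: a base64 checksum cookie like the one above carries no integrity, whereas a role cookie bound to a server-held HMAC key rejects any edited payload. The key value and the `payload.tag` cookie layout are assumptions for illustration.

```python
import base64
import hashlib
import hmac

# Cookie value quoted in the request above (base64 of "userRole=user").
CHECKSUM_COOKIE = "dXNlclJvbGU9dXNlcg=="

# Assumption: a secret that only the server knows; constructed for this example.
SERVER_KEY = b"constructed-example-key-do-not-reuse"


def decode_checksum(value: str) -> dict:
    """Decode the plain base64 'checksum' cookie into its key=value pairs.

    base64 is an encoding, not a signature: nothing here lets the server tell
    a cookie it issued from one the client rewrote, so the role cannot be
    trusted for an authorization decision.
    """
    raw = base64.b64decode(value).decode()
    return dict(pair.split("=", 1) for pair in raw.split("&") if pair)


def sign_role(payload: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: base64(payload) + "." + base64(HMAC-SHA256(key, payload))."""
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return (base64.b64encode(payload.encode()).decode()
            + "." + base64.b64encode(tag).decode())


def verify_role(cookie: str, key: bytes = SERVER_KEY):
    """Return the verified payload dict, or None if the cookie is malformed
    or its tag does not match (i.e. the payload was changed client-side)."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = base64.b64decode(payload_b64)
        tag = base64.b64decode(tag_b64)
        fields = dict(pair.split("=", 1)
                      for pair in payload.decode().split("&") if pair)
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, bad pairs
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak matching tag bytes.
    if not hmac.compare_digest(tag, expected):
        return None
    return fields


if __name__ == "__main__":
    print("plain cookie decodes to:", decode_checksum(CHECKSUM_COOKIE))
    signed = sign_role("userRole=user")
    print("signed cookie verifies to:", verify_role(signed))
```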
Hi guys,
Metasploit gives you a great list of Meterpreter shells to use for your pen testing pleasure. However, I can't seem to find guidelines about when to use what shell in what situation. In all guides they just mention what payload they use, but never give a reason why.
Does someone have a good resource on this matter?
Thanks
Broken Authentication and Session Management Challenge, in Security
@Rook you can find the same question on /r/netsec
Is something wrong with my formatting? Are questions like mine not appreciated here?
If you can't help me find the answer could you point me to a forum where someone can?