Lab: Brute-forcing a stay-logged-in cookie
We need to get access to the user carlos.

We intercept the login request with the stay-logged-in option toggled on.



In Sequencer we validate the randomness of the cookies.

In the character-level analysis we can see that it is pretty high,
which means our cookies have strong randomness and are not static.

Next we test the encoded stay-logged-in cookie.

Here the character-level analysis is red,
which means the value is static and does not change from request to request.

We go back to Repeater and get the stay-logged-in token.
It looks like Base64, which is why I used CyberChef.

I used a hash identifier to see the exact hash algorithm that was used,
and it looks like MD5.
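Why Sequencer scored this cookie as static, as an added example that is not part of the original lab or this write-up: the format identified above, base64(username:md5(password)), is rebuilt next to an opaque random token that a server could issue instead. The user `alice`, the password and all function and class names are constructed for illustration.

```python
import base64
import hashlib
import re
import secrets

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")

def weak_cookie(username, password):
    """Weak format from the lab: base64(username:md5(password))."""
    digest = hashlib.md5(password.encode()).hexdigest()
    return base64.b64encode(f"{username}:{digest}".encode()).decode()

def audit_cookie(value):
    """Return findings if a cookie decodes to 'name:<32 hex chars>'."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return []  # not Base64 text, so nothing readable leaks
    name, sep, digest = decoded.partition(":")
    if sep and MD5_HEX.match(digest):
        return [f"username '{name}' readable by the client",
                "unsalted 128-bit hash of a secret readable by the client"]
    return []

class TokenStore:
    """Hardened form: opaque random token, only its SHA-256 kept server-side."""
    def __init__(self):
        self._tokens = {}

    def issue(self, username):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def lookup(self, token):
        return self._tokens.get(hashlib.sha256(token.encode()).hexdigest())

if __name__ == "__main__":
    # Constructed sample credentials, not taken from the lab.
    first = weak_cookie("alice", "constructed-password")
    second = weak_cookie("alice", "constructed-password")
    print("weak cookie identical across logins:", first == second)
    print("audit findings:", audit_cookie(first))
    store = TokenStore()
    t1, t2 = store.issue("alice"), store.issue("alice")
    print("random tokens differ:", t1 != t2, "| findings:", audit_cookie(t1))
```

The random token carries no credential material, differs on every login, and can be revoked by deleting its entry from the store.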

Now we move on to the myaccount page.

Send the request to Repeater
and try removing the ?id=wiener parameter.
It looks like the request still works without the parameter.

Send the request to Intruder.

First we have to set up payload processing, since the payload has to be encoded before it is sent.
Select MD5 to hash the password.

Then add a prefix so the payload looks like this:
carlos:md5 hash

Then just encode the payload as Base64.

Final result:

Lastly, load the passwords.

As the attack proceeds,
we can see a response length that differs from the rest.



MD5 to text:

Final result:
carlos:princess