TryHackMe event: Advent of Cyber 2020 !!!
2-what is the name of the cookie for authentication?
3-In what format is the value of the cookie encoded?
4-After decoding the cookie, in what format is the data stored?
JSON (after decoding we get {"company":"The Best Festival Company", "username":"admin"})
5-What is the value of the santa cookie?
7B22636F6D70616E79223A22546865204265737420466573746976616C20436F6D70616E79222C2022757365726E616D65223A2273616E7461227D
6-After reactivating the assembly line, what is the flag you are given?
THM{MjY0Yzg5NTJmY2Q1NzM1NjBmZWFhYmQy}
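Why the hex-encoded JSON cookie above is a weak authentication token, and one way to harden it, as an added example (not part of the original write-up or the challenge's code): the value carries no integrity check, so the server cannot tell an issued cookie from an edited one. The HMAC key and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import json
import secrets

# Cookie value quoted on this page (question 5): hex-encoded JSON, nothing else.
PAGE_COOKIE = ("7B22636F6D70616E79223A22546865204265737420466573746976616C20436F6D70616E"
               "79222C2022757365726E616D65223A2273616E7461227D")
# Assumption: a random per-process key; a real server loads a stable secret.
SERVER_KEY = secrets.token_bytes(32)


def decode_unsigned(cookie_hex):
    """Weak form: trust whatever JSON the client sends back."""
    return json.loads(bytes.fromhex(cookie_hex).decode("utf-8"))


def _tag(payload_hex, key):
    """HMAC-SHA256 over the hex payload string, as a hex digest."""
    return hmac.new(key, payload_hex.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_signed(claims, key=SERVER_KEY):
    """Hardened form: same hex JSON payload plus an HMAC-SHA256 tag."""
    payload = json.dumps(claims).encode("utf-8").hex()
    return payload + "." + _tag(payload, key)


def verify_signed(cookie, key=SERVER_KEY):
    """Return the claims only when the tag matches, otherwise None."""
    payload, sep, tag = cookie.partition(".")
    try:
        if not sep or not hmac.compare_digest(_tag(payload, key).encode(), tag.encode()):
            return None
        return json.loads(bytes.fromhex(payload).decode("utf-8"))
    except ValueError:  # bad hex, bad UTF-8 or bad JSON
        return None


if __name__ == "__main__":
    print("unsigned cookie is accepted as:", decode_unsigned(PAGE_COOKIE))
    issued = issue_signed({"company": "The Best Festival Company", "username": "admin"})
    print("issued cookie verifies as:", verify_signed(issued))
    # Same tag, different payload: the server can now detect the edit.
    edited = PAGE_COOKIE + "." + issued.split(".")[1]
    print("edited cookie verifies as:", verify_signed(edited))
```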
2- Web Exploitation (The Elf Strikes back)
1-What string of text needs to be added to the URL to get access to the upload page?
actual url path http:///index.php?id=ODIzODI5MTNiYmYw
2-What type of file is accepted by the site?
->image
3-In which directory are uploaded files stored?
[payload that works = .png.php]
/uploads/ {use gobuster or dirbuster}
5-What is the flag in /var/www/flag.txt?
THM{MGU3Y2UyMGUwNjExYTY4NTAxOWJhMzhh}
3- Web Exploitation (Christmas Chaos)
THM{885ffab980e049847516f9d8fe99ad1a}